Windows Analysis Report
MkWMm5piE5.exe

Overview

General Information

Sample name: MkWMm5piE5.exe
renamed because original name is a hash value
Original sample name: 2daa3a1b14af19d4daf3a60a493d2613b87eba00e13b21e1b12dcea681b3dc80.exe
Analysis ID: 1571338
MD5: 05d551d9e91e59cfa28c7d7b2a5e2374
SHA1: b9d58e533693c1936dc515d9c0400ca36dc0c049
SHA256: 2daa3a1b14af19d4daf3a60a493d2613b87eba00e13b21e1b12dcea681b3dc80
Tags: busquedasxurl-comexeuser-JAMESWT_MHT
Infos:

Detection

Python Stealer
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found pyInstaller with non standard icon
Sigma detected: Suspicious Script Execution From Temp Folder
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • MkWMm5piE5.exe (PID: 6444 cmdline: "C:\Users\user\Desktop\MkWMm5piE5.exe" MD5: 05D551D9E91E59CFA28C7D7B2A5E2374)
    • MkWMm5piE5.exe (PID: 4152 cmdline: "C:\Users\user\Desktop\MkWMm5piE5.exe" MD5: 05D551D9E91E59CFA28C7D7B2A5E2374)
      • powershell.exe (PID: 2768 cmdline: powershell -Command " Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height $graphics = [System.Drawing.Graphics]::FromImage($bitmap) $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size) $bitmap.Save(\"C:\Users\user\AppData\Local\Temp\desktop_screenshot.png\") " MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: MkWMm5piE5.exe PID: 4152 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |

    System Summary

    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command " Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height $graphics = [System.Drawing.Graphics]::FromImage($bitmap) $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size) $bitmap.Save(\"C:\Users\user\AppData\Local\Temp\desktop_screenshot.png\") ", CommandLine: powershell -Command " Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height $graphics = [System.Drawing.Graphics]::FromImage($bitmap) $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size) $bitmap.Save(\"C:\Users\user\AppData\Local\Temp\desktop_screenshot.png\") ", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\MkWMm5piE5.exe", ParentImage: C:\Users\user\Desktop\MkWMm5piE5.exe, ParentProcessId: 4152, ParentProcessName: MkWMm5piE5.exe, ProcessCommandLine: powershell -Command " Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height $graphics = [System.Drawing.Graphics]::FromImage($bitmap) $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size) $bitmap.Save(\"C:\Users\user\AppData\Local\Temp\desktop_screenshot.png\") ", ProcessId: 2768, 
ProcessName: powershell.exe
    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command " Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height $graphics = [System.Drawing.Graphics]::FromImage($bitmap) $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size) $bitmap.Save(\"C:\Users\user\AppData\Local\Temp\desktop_screenshot.png\") ", CommandLine: powershell -Command " Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height $graphics = [System.Drawing.Graphics]::FromImage($bitmap) $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size) $bitmap.Save(\"C:\Users\user\AppData\Local\Temp\desktop_screenshot.png\") ", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\MkWMm5piE5.exe", ParentImage: C:\Users\user\Desktop\MkWMm5piE5.exe, ParentProcessId: 4152, ParentProcessName: MkWMm5piE5.exe, ProcessCommandLine: powershell -Command " Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height $graphics = [System.Drawing.Graphics]::FromImage($bitmap) $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size) $bitmap.Save(\"C:\Users\user\AppData\Local\Temp\desktop_screenshot.png\") ", ProcessId: 2768, 
ProcessName: powershell.exe
    No Suricata rule has matched

    AV Detection

    Source: MkWMm5piE5.exe, Avira: detected
    Source: MkWMm5piE5.exe, ReversingLabs: Detection: 42%
    Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61C000 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z,malloc,PyErr_NoMemory,_Py_Dealloc,??1PyWinBufferView@@QEAA@XZ,memset,CertDuplicateCertificateContext,_Py_Dealloc,PyEval_SaveThread,CryptEncryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyExc_ValueError,PyExc_TypeError,PyErr_SetString,CertFreeCertificateContext,free,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptEncryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,CertFreeCertificateContext,free,free,2_2_00007FFBAB61C000
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614400 CryptDestroyKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFBAB614400
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61CBD0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,CryptGetMessageCertificates,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NewReference,PyLong_FromVoidPtr,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB61CBD0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61B3D0 PyArg_ParseTupleAndKeywords,PyList_New,PyEval_SaveThread,CryptEnumOIDInfo,PyEval_RestoreThread,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB61B3D0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB6197B0 PyArg_ParseTupleAndKeywords,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptAcquireContextW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,2_2_00007FFBAB6197B0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB6157A1 _PyArg_ParseTupleAndKeywords_SizeT,CryptGetUserKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB6157A1
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB615890 _PyArg_ParseTupleAndKeywords_SizeT,malloc,PyExc_MemoryError,PyErr_Format,memset,memcpy,CryptGenRandom,PyBytes_FromStringAndSize,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,2_2_00007FFBAB615890
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61AC80 PyArg_ParseTupleAndKeywords,PyExc_ValueError,PyErr_SetString,PyExc_TypeError,PyErr_SetString,PyArg_ParseTuple,PyLong_AsLong,PyErr_Occurred,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyBytes_AsString,PyEval_SaveThread,CryptFindOIDInfo,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB61AC80
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614880 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptEncrypt,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyErr_NoMemory,CryptEncrypt,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,free,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB614880
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB615C70 _PyArg_ParseTupleAndKeywords_SizeT,CryptExportPublicKeyInfo,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptExportPublicKeyInfo,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,2_2_00007FFBAB615C70
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614050 PyArg_ParseTupleAndKeywords,CryptGetHashParam,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptGetHashParam,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyExc_NotImplementedError,PyErr_Format,PyBytes_FromStringAndSize,PyLong_FromUnsignedLong,free,2_2_00007FFBAB614050
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61A040 PyArg_ParseTupleAndKeywords,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptFindLocalizedName,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,2_2_00007FFBAB61A040
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614440 PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,CryptExportKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptExportKey,PyBytes_FromStringAndSize,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,2_2_00007FFBAB614440
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB619430 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,_Py_NoneStruct,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,??1PyWinBufferView@@QEAA@XZ,??1PyWinBufferView@@QEAA@XZ,_Py_NoneStruct,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,??1PyWinBufferView@@QEAA@XZ,_Py_NoneStruct,PyEval_SaveThread,CryptUnprotectData,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyBytes_FromStringAndSize,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,Py_BuildValue,LocalFree,LocalFree,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,2_2_00007FFBAB619430
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB613C20 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptHashData,_Py_NoneStruct,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB613C20
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB615020 _PyArg_ParseTupleAndKeywords_SizeT,CryptReleaseContext,_Py_NoneStruct,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB615020
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB613B10 CryptDestroyHash,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB613B10
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614F10 CryptReleaseContext,2_2_00007FFBAB614F10
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB615B00 _Py_NoneStruct,_PyArg_ParseTupleAndKeywords_SizeT,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptImportKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB615B00
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61D2F0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptDecryptAndVerifyMessageSignature,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptDecryptAndVerifyMessageSignature,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyBytes_FromStringAndSize,Py_BuildValue,free,??1PyWinBufferView@@QEAA@XZ,free,CertCloseStore,free,2_2_00007FFBAB61D2F0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61B6E0 PyArg_ParseTupleAndKeywords,PyExc_ValueError,PyErr_Format,?init@PyWinBufferView@@QEAA_NPEAU_object@@_N1@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptQueryObject,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyLong_FromVoidPtr,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyLong_FromVoidPtr,Py_BuildValue,??1PyWinBufferView@@QEAA@XZ,PyMem_Free,2_2_00007FFBAB61B6E0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61D6E0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyLong_AsVoidPtr,PyErr_Occurred,PyErr_Clear,PyBytes_AsString,PyExc_ValueError,PyErr_Format,_Py_NoneStruct,PyExc_NotImplementedError,PyErr_SetString,strcmp,malloc,PyExc_MemoryError,PyErr_Format,strcmp,PyExc_NotImplementedError,PyErr_Format,PyErr_Format,malloc,PyEval_SaveThread,CryptEncodeObjectEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,strcmp,free,LocalFree,2_2_00007FFBAB61D6E0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB6142E0 _Py_Dealloc,_Py_Dealloc,CryptDestroyKey,2_2_00007FFBAB6142E0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB613AA0 CryptDestroyHash,2_2_00007FFBAB613AA0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB619B80 PyList_New,PyEval_SaveThread,CryptEnumProviderTypesW,PyEval_RestoreThread,malloc,PyEval_SaveThread,CryptEnumProviderTypesW,PyEval_RestoreThread,_Py_NoneStruct,Py_BuildValue,PyList_Append,_Py_Dealloc,free,PyEval_SaveThread,CryptEnumProviderTypesW,PyEval_RestoreThread,GetLastError,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_Dealloc,free,GetLastError,free,PyExc_MemoryError,PyErr_Format,2_2_00007FFBAB619B80
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61476B PyArg_ParseTupleAndKeywords,CryptDuplicateKey,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB61476B
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61EB70 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptBinaryToStringW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptBinaryToStringW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,free,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB61EB70
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB613B50 PyArg_ParseTupleAndKeywords,CryptDuplicateHash,_Py_NewReference,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB613B50
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614F50 CryptReleaseContext,2_2_00007FFBAB614F50
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61C340 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptDecryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptDecryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyBytes_FromStringAndSize,Py_BuildValue,free,??1PyWinBufferView@@QEAA@XZ,CertCloseStore,free,2_2_00007FFBAB61C340
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614340 _Py_Dealloc,_Py_Dealloc,CryptDestroyKey,2_2_00007FFBAB614340
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB619F30 PyArg_ParseTupleAndKeywords,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptSetProviderExW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,2_2_00007FFBAB619F30
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB613F20 PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptVerifySignatureW,_Py_NoneStruct,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB613F20
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614F20 CryptReleaseContext,2_2_00007FFBAB614F20
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB619DD0 PyArg_ParseTupleAndKeywords,PyEval_SaveThread,CryptGetDefaultProviderW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptGetDefaultProviderW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,free,2_2_00007FFBAB619DD0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB6191D0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,_Py_NoneStruct,PyExc_TypeError,PyErr_SetString,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,??1PyWinBufferView@@QEAA@XZ,??1PyWinBufferView@@QEAA@XZ,_Py_NoneStruct,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,??1PyWinBufferView@@QEAA@XZ,??1PyWinBufferView@@QEAA@XZ,_Py_NoneStruct,PyEval_SaveThread,CryptProtectData,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,LocalFree,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyMem_Free,2_2_00007FFBAB6191D0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614DD0 CryptMsgClose,_Py_Dealloc,2_2_00007FFBAB614DD0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB613DD0 PyArg_ParseTupleAndKeywords,CryptSignHashW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptSignHashW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,free,2_2_00007FFBAB613DD0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB6145D0 PyArg_ParseTupleAndKeywords,CryptGetKeyParam,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptGetKeyParam,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyExc_NotImplementedError,PyErr_SetString,free,2_2_00007FFBAB6145D0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB6159C0 _Py_NoneStruct,_PyArg_ParseTupleAndKeywords_SizeT,PyExc_TypeError,PyErr_SetString,CryptCreateHash,_Py_NewReference,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB6159C0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61B1B0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,?init@PyWinBufferView@@QEAA_NPEAU_object@@_N1@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,PyEval_SaveThread,CryptEnumKeyIdentifierProperties,PyEval_RestoreThread,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,PyMem_Free,2_2_00007FFBAB61B1B0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61C5B0 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptSignAndEncryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptSignAndEncryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,CertFreeCertificateContext,free,CertFreeCertificateContext,free,free,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB61C5B0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB615DB0 _PyArg_ParseTupleAndKeywords_SizeT,PyExc_TypeError,PyErr_SetString,_PyArg_ParseTupleAndKeywords_SizeT,CryptImportPublicKeyInfo,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB615DB0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61BA90 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptDecodeMessage,PyEval_RestoreThread,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,free,CertCloseStore,free,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,Py_BuildValue,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptDecodeMessage,PyEval_RestoreThread,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyBytes_FromStringAndSize,Py_BuildValue,free,CertFreeCertificateContext,CertFreeCertificateContext,2_2_00007FFBAB61BA90
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614290 _Py_Dealloc,_Py_Dealloc,CryptDestroyKey,2_2_00007FFBAB614290
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614E70 CryptMsgClose,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFBAB614E70
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB613A70 CryptDestroyHash,2_2_00007FFBAB613A70
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB613A60 CryptDestroyHash,2_2_00007FFBAB613A60
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614A50 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,malloc,PyErr_NoMemory,memcpy,CryptDecrypt,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,free,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB614A50
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61CE40 PyArg_ParseTupleAndKeywords,PyEval_SaveThread,CryptSignMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptSignMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,CertFreeCertificateContext,free,free,free,free,2_2_00007FFBAB61CE40
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61AE30 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptGetKeyIdentifierProperty,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyExc_NotImplementedError,PyErr_SetString,LocalFree,??1PyWinBufferView@@QEAA@XZ,PyMem_Free,2_2_00007FFBAB61AE30
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB613D10 PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,CryptHashSessionKey,_Py_NoneStruct,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB613D10
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61ED00 PyArg_ParseTupleAndKeywords,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptStringToBinaryW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,PyEval_SaveThread,CryptStringToBinaryW,PyEval_RestoreThread,_Py_Dealloc,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,Py_BuildValue,PyMem_Free,2_2_00007FFBAB61ED00
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61D0F0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptVerifyDetachedMessageSignature,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,free,free,??1PyWinBufferView@@QEAA@XZ,free,2_2_00007FFBAB61D0F0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61C8D0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptVerifyMessageSignature,PyEval_RestoreThread,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,Py_BuildValue,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptVerifyMessageSignature,PyEval_RestoreThread,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyBytes_FromStringAndSize,Py_BuildValue,free,CertFreeCertificateContext,??1PyWinBufferView@@QEAA@XZ,free,2_2_00007FFBAB61C8D0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB6150A0 _PyArg_ParseTupleAndKeywords_SizeT,CryptGenKey,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB6150A0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB615180 _PyArg_ParseTupleAndKeywords_SizeT,CryptGetProvParam,malloc,PyExc_MemoryError,PyErr_Format,CryptGetProvParam,PyExc_NotImplementedError,PyErr_SetString,free,CryptGetProvParam,PyBool_FromLong,PyList_New,CryptGetProvParam,?PyWinCoreString_FromString@@YAPEAU_object@@PEBD_J@Z,?PyWinCoreString_FromString@@YAPEAU_object@@PEBD_J@Z,_Py_BuildValue_SizeT,PyList_Append,_Py_Dealloc,CryptGetProvParam,_Py_Dealloc,CryptGetProvParam,GetLastError,malloc,PyList_New,CryptGetProvParam,?PyWinCoreString_FromString@@YAPEAU_object@@PEBD_J@Z,PyList_Append,_Py_Dealloc,CryptGetProvParam,_Py_Dealloc,GetLastError,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,PyList_New,CryptGetProvParam,?PyWinCoreString_FromString@@YAPEAU_object@@PEBD_J@Z,_Py_BuildValue_SizeT,PyList_Append,_Py_Dealloc,CryptGetProvParam,_Py_Dealloc,GetLastError,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,2_2_00007FFBAB615180
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614D80 CryptMsgClose,_Py_Dealloc,2_2_00007FFBAB614D80
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61E570 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyLong_AsVoidPtr,PyErr_Occurred,PyErr_Clear,PyBytes_AsString,PyExc_ValueError,PyErr_Format,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,_Py_NoneStruct,PyExc_ValueError,PyErr_SetString,PyEval_SaveThread,CryptFormatObject,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptFormatObject,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,free,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB61E570
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB61CD50 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptGetMessageSignerCount,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyLong_FromLong,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB61CD50
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB612D50 PyExc_ValueError,PyErr_SetString,PyArg_ParseTupleAndKeywords,PyEval_SaveThread,CryptAcquireCertificatePrivateKey,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,CryptContextAddRef,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NewReference,Py_BuildValue,2_2_00007FFBAB612D50
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB619940 PyList_New,PyEval_SaveThread,CryptEnumProvidersW,PyEval_RestoreThread,malloc,PyEval_SaveThread,CryptEnumProvidersW,PyEval_RestoreThread,Py_BuildValue,PyList_Append,_Py_Dealloc,free,PyEval_SaveThread,CryptEnumProvidersW,PyEval_RestoreThread,GetLastError,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_Dealloc,free,GetLastError,free,PyExc_MemoryError,PyErr_Format,2_2_00007FFBAB619940
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB614D40 CryptMsgClose,_Py_Dealloc,2_2_00007FFBAB614D40
    Source: MkWMm5piE5.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: MkWMm5piE5.exe, 00000002.00000002.3309361829.00007FFBAABC3000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: MkWMm5piE5.exe, 00000002.00000002.3312079895.00007FFBAB16F000.00000002.00000001.01000000.00000019.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: MkWMm5piE5.exe, 00000002.00000002.3308830462.00007FFBAA662000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464103716.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315622591.00007FFBB69A6000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: MkWMm5piE5.exe, 00000000.00000003.1462396241.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316553027.00007FFBBCD53000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: MkWMm5piE5.exe, 00000000.00000003.1462396241.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316553027.00007FFBBCD53000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: MkWMm5piE5.exe, 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: MkWMm5piE5.exe, 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464023512.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: MkWMm5piE5.exe, 00000000.00000003.1462538138.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315406946.00007FFBB5CB5000.00000002.00000001.01000000.0000001E.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: MkWMm5piE5.exe, 00000000.00000003.1478907816.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315866113.00007FFBBB553000.00000002.00000001.01000000.0000000D.sdmp, select.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: MkWMm5piE5.exe, 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: MkWMm5piE5.exe, 00000002.00000002.3316398782.00007FFBBB641000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: MkWMm5piE5.exe, 00000000.00000003.1463782930.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3313502126.00007FFBAB697000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbEE source: MkWMm5piE5.exe, 00000002.00000002.3314149842.00007FFBAB795000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: MkWMm5piE5.exe, 00000002.00000002.3312851942.00007FFBAB621000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: MkWMm5piE5.exe, 00000000.00000003.1463898916.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316116617.00007FFBBB5FC000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: MkWMm5piE5.exe, 00000000.00000003.1463076253.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3313861592.00007FFBAB6F8000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: MkWMm5piE5.exe, 00000002.00000002.3312851942.00007FFBAB621000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: MkWMm5piE5.exe, 00000002.00000002.3313676473.00007FFBAB6D2000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464200822.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315745742.00007FFBB7EE3000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: MkWMm5piE5.exe, 00000000.00000003.1463898916.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316116617.00007FFBBB5FC000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: MkWMm5piE5.exe, 00000000.00000003.1463182257.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316274348.00007FFBBB61D000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464712566.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315989662.00007FFBBB5D4000.00000002.00000001.01000000.0000000B.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464295337.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3314923690.00007FFBB4C49000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: MkWMm5piE5.exe, 00000000.00000003.1464712566.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315989662.00007FFBBB5D4000.00000002.00000001.01000000.0000000B.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: MkWMm5piE5.exe, 00000002.00000002.3313059220.00007FFBAB64F000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: MkWMm5piE5.exe, 00000000.00000003.1472101966.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304316895.000001D39CD10000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: MkWMm5piE5.exe, 00000000.00000003.1462538138.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315406946.00007FFBB5CB5000.00000002.00000001.01000000.0000001E.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: MkWMm5piE5.exe, 00000002.00000002.3314149842.00007FFBAB795000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: MkWMm5piE5.exe, 00000002.00000002.3314451260.00007FFBAB7ED000.00000002.00000001.01000000.00000010.sdmp
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 0_2_00007FF6331D88D0 FindFirstFileExW,FindClose,0_2_00007FF6331D88D0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 0_2_00007FF6331E7E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6331E7E4C
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 0_2_00007FF6331F1EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6331F1EE4
    Source: Joe Sandbox View IP Address: 34.224.200.202
    Source: Joe Sandbox View IP Address: 82.180.136.22
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: busquedasxurl.com
    Source: global traffic DNS traffic detected: DNS query: httpbin.org
    Source: MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E261000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpe
    Source: MkWMm5piE5.exe, 00000002.00000002.3306613004.000001D39EA80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
    Source: MkWMm5piE5.exe, 00000002.00000002.3305668707.000001D39DCF0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498548728.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1497824303.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1496471397.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1494121201.000001D39D6DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aka.ms/vcpython27
    Source: MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102480459.000001D39D9A5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
    Source: MkWMm5piE5.exe, 00000000.00000003.1463623152.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.co
    Source: MkWMm5piE5.exe, 00000000.00000003.1478907816.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463898916.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463461461.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1472101966.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463076253.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463782930.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC847000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464427612.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464023512.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463623152.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1473310810.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464103716.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463182257.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471490078.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471266886.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464712566.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC840000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464295337.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, 
MkWMm5piE5.exe, 00000000.00000003.1464580671.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471891598.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: MkWMm5piE5.exe, 00000000.00000003.1478907816.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463898916.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463461461.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1472101966.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463076253.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463782930.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC847000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464427612.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464023512.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463623152.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1473310810.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464103716.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463182257.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471490078.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471266886.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464712566.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC840000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464295337.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, 
MkWMm5piE5.exe, 00000000.00000003.1464580671.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471891598.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: MkWMm5piE5.exe, 00000000.00000003.1478907816.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463898916.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463461461.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1472101966.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463076253.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463782930.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464427612.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464023512.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463623152.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1473310810.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464103716.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463182257.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471490078.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471266886.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464712566.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC840000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464295337.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464580671.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, 
MkWMm5piE5.exe, 00000000.00000003.1471891598.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464200822.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: MkWMm5piE5.exe, 00000000.00000003.1478907816.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463898916.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463461461.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1472101966.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463076253.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463782930.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464427612.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464023512.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463623152.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1473310810.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464103716.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1463182257.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471490078.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471266886.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464712566.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1469292269.0000020DCC840000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464295337.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464580671.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, 
MkWMm5piE5.exe, 00000000.00000003.1471891598.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1464200822.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: MkWMm5piE5.exe, 00000002.00000003.1494869483.000001D39D19F000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D5B0000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306094647.000001D39E1B2000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304676440.000001D39D190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D5B0000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103278667.000001D39E402000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306411530.000001D39E402000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102966546.000001D39E3FE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102887316.000001D39E377000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D931000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD30000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D69C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
    Source: MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crld
    Source: MkWMm5piE5.exe, 00000002.00000003.2103278667.000001D39E402000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306411530.000001D39E402000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102966546.000001D39E3FE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102887316.000001D39E377000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D931000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D5B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
    Source: MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0j0
    Source: MkWMm5piE5.exe, 00000002.00000003.2104686859.000001D39E317000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103180787.000001D39E316000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102480459.000001D39D9A5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
    Source: MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
    Source: MkWMm5piE5.exe, 00000002.00000003.2104686859.000001D39E317000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103180787.000001D39E316000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104645289.000001D39E35F000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102941796.000001D39E359000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
    Source: MkWMm5piE5.exe, 00000000.00000003.1464580671.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digi
MkWMm5piE5.exe, 00000000.00000003.1464580671.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1471891598.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: MkWMm5piE5.exe, 00000002.00000002.3306461678.000001D39E425000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304676440.000001D39D190000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104686859.000001D39E314000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
    Source: MkWMm5piE5.exe, 00000002.00000003.1495499110.000001D39D838000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498157568.000001D39D838000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1496290619.000001D39D848000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1497047761.000001D39D838000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
    Source: MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102941796.000001D39E359000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D5B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
    Source: MkWMm5piE5.exe, 00000002.00000003.2104686859.000001D39E317000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103180787.000001D39E316000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
    Source: MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
    Source: MkWMm5piE5.exe, 00000002.00000002.3306094647.000001D39E1B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
    Source: powershell.exe, 00000003.00000002.1621511003.000001A1C1A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
    Source: MkWMm5piE5.exe, 00000002.00000002.3305937311.000001D39E070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
    Source: MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/botz
    Source: MkWMm5piE5.exe, 00000002.00000002.3305435168.000001D39D9B0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304955061.000001D39D4B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
    Source: MkWMm5piE5.exe, 00000002.00000002.3305937311.000001D39E070000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=
    Source: MkWMm5piE5.exe, 00000002.00000002.3306691658.000001D39EBE4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/recibidor.php
    Source: MkWMm5piE5.exe, MkWMm5piE5.exe, 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
    Source: powershell.exe, 00000003.00000002.1621511003.000001A1C3316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000003.00000002.1621511003.000001A1C3316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000003.00000002.1621511003.000001A1C3316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
    Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
    Source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
    Source: MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
    Source: MkWMm5piE5.exe, 00000002.00000002.3304676440.000001D39D190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
    Source: MkWMm5piE5.exe, 00000002.00000002.3306613004.000001D39EA80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
    Source: MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
    Source: MkWMm5piE5.exe, 00000002.00000002.3305511919.000001D39DAC0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
    Source: MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
    Source: powershell.exe, 00000003.00000002.1621511003.000001A1C1C52000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1621511003.000001A1C31D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
    Source: MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD30000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3303883410.000001D39B307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
    Source: MkWMm5piE5.exe, 00000002.00000002.3305511919.000001D39DAC0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305859866.000001D39DF70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
    Source: MkWMm5piE5.exe, MkWMm5piE5.exe, 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp, MkWMm5piE5.exe, 00000002.00000002.3312900685.00007FFBAB62E000.00000002.00000001.01000000.0000001C.sdmp, win32api.pyd.0.drString found in binary or memory: https://github.com/mhammond/pywin32
    Source: MkWMm5piE5.exe, 00000002.00000002.3305937311.000001D39E070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
    Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
    Source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
    Source: MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
    Source: MkWMm5piE5.exe, 00000002.00000002.3305435168.000001D39D9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
    Source: MkWMm5piE5.exe, 00000002.00000002.3304588455.000001D39D090000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
    Source: MkWMm5piE5.exe, 00000002.00000002.3304149840.000001D39CC7C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
    Source: MkWMm5piE5.exe, 00000002.00000002.3303883410.000001D39B307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
    Source: MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD30000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3303883410.000001D39B307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
    Source: MkWMm5piE5.exe, 00000002.00000003.1489798578.000001D39D2A8000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1494869483.000001D39D19F000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304676440.000001D39D190000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1492098077.000001D39D2A4000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1490907301.000001D39D2A7000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1488732826.000001D39D2A8000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1489740790.000001D39D19B000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1488570288.000001D39D35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
    Source: MkWMm5piE5.exe, 00000002.00000002.3305435168.000001D39D9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396
    Source: MkWMm5piE5.exe, 00000002.00000002.3305435168.000001D39D9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396p
    Source: MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD30000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3303883410.000001D39B307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
    Source: MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E21A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
    Source: MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
    Source: powershell.exe, 00000003.00000002.1621511003.000001A1C2652000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
    Source: MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D8FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
    Source: MkWMm5piE5.exe, 00000002.00000002.3307104180.000001D39EF24000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
    Source: MkWMm5piE5.exe, 00000002.00000002.3304955061.000001D39D4B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
    Source: MkWMm5piE5.exe, 00000002.00000003.1494121201.000001D39D70E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
    Source: MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
    Source: powershell.exe, 00000003.00000002.1637110532.000001A1D1BD2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1637110532.000001A1D1A8F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1621511003.000001A1C3316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
    Source: powershell.exe, 00000003.00000002.1621511003.000001A1C31D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
    Source: powershell.exe, 00000003.00000002.1621511003.000001A1C31D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
    Source: MkWMm5piE5.exe, 00000002.00000002.3305589236.000001D39DBE0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1496109125.000001D39D2B3000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1494869483.000001D39D2B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
    Source: MkWMm5piE5.exe, 00000002.00000002.3305668707.000001D39DCF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
    Source: MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD81000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1495048750.000001D39CE16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
    Source: MkWMm5piE5.exe, 00000002.00000002.3305589236.000001D39DBE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
    Source: MkWMm5piE5.exe, 00000002.00000002.3305435168.000001D39D9B0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304955061.000001D39D4B0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1491549762.000001D39D604000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
    Source: MkWMm5piE5.exe, 00000002.00000002.3304871002.000001D39D3B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
    Source: MkWMm5piE5.exe, 00000002.00000002.3309361829.00007FFBAABC3000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
    Source: MkWMm5piE5.exe, 00000002.00000002.3305668707.000001D39DCF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
    Source: MkWMm5piE5.exe, 00000002.00000002.3305511919.000001D39DAC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
    Source: MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
    Source: MkWMm5piE5.exe, 00000002.00000002.3305511919.000001D39DAC0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306691658.000001D39EBE4000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
    Source: MkWMm5piE5.exe, 00000002.00000002.3306691658.000001D39EBE4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.ioxe
    Source: MkWMm5piE5.exe, 00000002.00000002.3305589236.000001D39DBE0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1494869483.000001D39D214000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
    Source: MkWMm5piE5.exe, 00000002.00000003.1498329355.000001D39D7F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
    Source: MkWMm5piE5.exe, 00000002.00000003.1498291053.000001D39D92C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304676440.000001D39D190000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498081248.000001D39D89C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498329355.000001D39D7F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
    Source: MkWMm5piE5.exe, 00000002.00000002.3305937311.000001D39E070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
    Source: MkWMm5piE5.exe, 00000002.00000003.1498329355.000001D39D7F6000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498049998.000001D39D93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#
    Source: MkWMm5piE5.exe, 00000002.00000003.1498329355.000001D39D7F6000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498049998.000001D39D93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#r$Nrjr
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102480459.000001D39D9A5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
    Source: MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD81000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: MkWMm5piE5.exe, 00000002.00000002.3305435168.000001D39D9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
    Source: MkWMm5piE5.exe, 00000002.00000002.3306613004.000001D39EA80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
    Source: MkWMm5piE5.exe, 00000002.00000002.3306613004.000001D39EA80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
    Source: MkWMm5piE5.exe, 00000000.00000003.1465897053.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/
    Source: MkWMm5piE5.exe, 00000000.00000003.1465897053.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1465864628.0000020DCC848000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1465970206.0000020DCC848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D69C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
    Source: MkWMm5piE5.exe, 00000000.00000003.1471490078.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3309098792.00007FFBAA7A3000.00000002.00000001.01000000.00000011.sdmp, MkWMm5piE5.exe, 00000002.00000002.3314248463.00007FFBAB7D0000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://www.openssl.org/H
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
    Source: MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/
    Source: MkWMm5piE5.exe, 00000002.00000002.3304149840.000001D39CC00000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
    Source: MkWMm5piE5.exe, 00000002.00000002.3309722676.00007FFBAAD3B000.00000008.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.python.org/psf/license/
    Source: MkWMm5piE5.exe, 00000002.00000002.3309361829.00007FFBAABC3000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.python.org/psf/license/)
    Source: MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D931000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102941796.000001D39E359000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/
    Source: MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D5B0000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
    Source: MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://yahoo.com/
    Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB615B00 _Py_NoneStruct,_PyArg_ParseTupleAndKeywords_SizeT,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptImportKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAB615B00
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: String function: 00007FFBAA180F90 appears 34 times
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: String function: 00007FF6331D2B30 appears 47 times
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: String function: 00007FFBAB03C090 appears 47 times
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: String function: 00007FFBAA1594B0 appears 134 times
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: String function: 00007FFBAA15A550 appears 171 times
    Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: python3.dll.0.dr Static PE information: No import functions for PE file found
    Source: MkWMm5piE5.exe, 00000000.00000003.1478907816.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1463898916.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1462538138.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1463461461.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.2797437898.0000020DCC847000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32crypt.pyd0 vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1472101966.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1463076253.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1463782930.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1464427612.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1464023512.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1478703076.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepywintypes312.dll0 vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1463623152.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1462396241.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1464103716.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1463182257.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1471490078.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1464712566.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1464295337.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1464580671.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1471891598.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000000.00000003.1464200822.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe Binary or memory string: OriginalFilename vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3315793268.00007FFBB7EE6000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3309098792.00007FFBAA7A3000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: OriginalFilenamepywintypes312.dll0 vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3316601774.00007FFBBCD59000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3313727302.00007FFBAB6DD000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3315007925.00007FFBB4C53000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3316193883.00007FFBBB605000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3308378913.00007FFBAA2AF000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: OriginalFilenamesqlite3.dll0 vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3316449283.00007FFBBB64E000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3315452433.00007FFBB5CB9000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3313931520.00007FFBAB6FF000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3315916219.00007FFBBB556000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3316322641.00007FFBBB622000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3314648966.00007FFBAB809000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3315669574.00007FFBB69AB000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3304316895.000001D39CD10000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3310143228.00007FFBAAE64000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython312.dll. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3313585490.00007FFBAB69E000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3314248463.00007FFBAB7D0000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilenamelibsslH vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3312900685.00007FFBAB62E000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: OriginalFilenamewin32crypt.pyd0 vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3316037127.00007FFBBB5D7000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3313145124.00007FFBAB65B000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs MkWMm5piE5.exe
    Source: MkWMm5piE5.exe, 00000002.00000002.3312406710.00007FFBAB174000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs MkWMm5piE5.exe
    Source: classification engine Classification label: mal72.troj.evad.winEXE@6/87@2/2
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 0_2_00007FF6331D8560 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF6331D8560
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB61A8E1 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CertOpenSystemStoreW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NewReference,PyLong_FromVoidPtr,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,2_2_00007FFBAB61A8E1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3020:120:WilError_03
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe File created: C:\Users\user\AppData\Local\Temp\_MEI64442
    Source: MkWMm5piE5.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: MkWMm5piE5.exe, 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: MkWMm5piE5.exe, 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
    Source: MkWMm5piE5.exe, 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
    Source: MkWMm5piE5.exe, 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
    Source: MkWMm5piE5.exe, MkWMm5piE5.exe, 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
    Source: MkWMm5piE5.exe, 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
    Source: MkWMm5piE5.exe, 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
    Source: MkWMm5piE5.exe ReversingLabs: Detection: 42%
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe File read: C:\Users\user\Desktop\MkWMm5piE5.exe
    Source: unknown Process created: C:\Users\user\Desktop\MkWMm5piE5.exe "C:\Users\user\Desktop\MkWMm5piE5.exe"
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Process created: C:\Users\user\Desktop\MkWMm5piE5.exe "C:\Users\user\Desktop\MkWMm5piE5.exe"
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command " Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height $graphics = [System.Drawing.Graphics]::FromImage($bitmap) $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size) $bitmap.Save(\"C:\Users\user\AppData\Local\Temp\desktop_screenshot.png\") "
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: libffi-8.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: libcrypto-3.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: libssl-3.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: sqlite3.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: pywintypes312.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: vcruntime140_1.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windowscodecs.dllJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
    Source: MkWMm5piE5.exeStatic PE information: Image base 0x140000000 > 0x60000000
    Source: MkWMm5piE5.exeStatic file information: File size 17155097 > 1048576
    Source: MkWMm5piE5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: MkWMm5piE5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: MkWMm5piE5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: MkWMm5piE5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: MkWMm5piE5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: MkWMm5piE5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: MkWMm5piE5.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: MkWMm5piE5.exe, 00000002.00000002.3309361829.00007FFBAABC3000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: MkWMm5piE5.exe, 00000002.00000002.3312079895.00007FFBAB16F000.00000002.00000001.01000000.00000019.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: MkWMm5piE5.exe, 00000002.00000002.3308830462.00007FFBAA662000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464103716.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315622591.00007FFBB69A6000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: MkWMm5piE5.exe, 00000000.00000003.1462396241.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316553027.00007FFBBCD53000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: MkWMm5piE5.exe, 00000000.00000003.1462396241.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316553027.00007FFBBCD53000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: MkWMm5piE5.exe, 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: MkWMm5piE5.exe, 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464023512.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: MkWMm5piE5.exe, 00000000.00000003.1462538138.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315406946.00007FFBB5CB5000.00000002.00000001.01000000.0000001E.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: MkWMm5piE5.exe, 00000000.00000003.1478907816.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315866113.00007FFBBB553000.00000002.00000001.01000000.0000000D.sdmp, select.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: MkWMm5piE5.exe, 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: MkWMm5piE5.exe, 00000002.00000002.3316398782.00007FFBBB641000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: MkWMm5piE5.exe, 00000000.00000003.1463782930.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3313502126.00007FFBAB697000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbEE source: MkWMm5piE5.exe, 00000002.00000002.3314149842.00007FFBAB795000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: MkWMm5piE5.exe, 00000002.00000002.3312851942.00007FFBAB621000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: MkWMm5piE5.exe, 00000000.00000003.1463898916.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316116617.00007FFBBB5FC000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: MkWMm5piE5.exe, 00000000.00000003.1463076253.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3313861592.00007FFBAB6F8000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: MkWMm5piE5.exe, 00000002.00000002.3312851942.00007FFBAB621000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: MkWMm5piE5.exe, 00000002.00000002.3313676473.00007FFBAB6D2000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464200822.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315745742.00007FFBB7EE3000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: MkWMm5piE5.exe, 00000000.00000003.1463898916.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316116617.00007FFBBB5FC000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: MkWMm5piE5.exe, 00000000.00000003.1463182257.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3316274348.00007FFBBB61D000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464712566.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315989662.00007FFBBB5D4000.00000002.00000001.01000000.0000000B.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: MkWMm5piE5.exe, 00000000.00000003.1464295337.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3314923690.00007FFBB4C49000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: MkWMm5piE5.exe, 00000000.00000003.1464712566.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315989662.00007FFBBB5D4000.00000002.00000001.01000000.0000000B.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: MkWMm5piE5.exe, 00000002.00000002.3313059220.00007FFBAB64F000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: MkWMm5piE5.exe, 00000000.00000003.1472101966.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304316895.000001D39CD10000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: MkWMm5piE5.exe, 00000000.00000003.1462538138.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3315406946.00007FFBB5CB5000.00000002.00000001.01000000.0000001E.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: MkWMm5piE5.exe, 00000002.00000002.3314149842.00007FFBAB795000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: MkWMm5piE5.exe, 00000002.00000002.3314451260.00007FFBAB7ED000.00000002.00000001.01000000.00000010.sdmp
    Source: MkWMm5piE5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: MkWMm5piE5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: MkWMm5piE5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: MkWMm5piE5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: MkWMm5piE5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: VCRUNTIME140_1.dll.0.drStatic PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB03DB00 GetModuleHandleW,LoadLibraryW,GetProcAddress,AddAccessAllowedAce,GetProcAddress,AddAccessDeniedAce,GetProcAddress,AddAccessAllowedAceEx,GetProcAddress,AddMandatoryAce,GetProcAddress,AddAccessAllowedObjectAce,GetProcAddress,AddAccessDeniedAceEx,GetProcAddress,AddAccessDeniedObjectAce,GetProcAddress,AddAuditAccessAceEx,GetProcAddress,AddAuditAccessObjectAce,GetProcAddress,SetSecurityDescriptorControl,InitializeCriticalSection,TlsAlloc,DeleteCriticalSection,TlsFree,2_2_00007FFBAB03DB00
    Source: MkWMm5piE5.exeStatic PE information: section name: _RDATA
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
    Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
    Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
    Source: python312.dll.0.drStatic PE information: section name: PyRuntim
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF633215004 push rsp; retf 0_2_00007FF633215005
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAA19161E push rdx; iretd 2_2_00007FFBAA191621
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFB492100BD pushad ; iretd 3_2_00007FFB492100C1

    Persistence and Installation Behavior

    Source: C:\Users\user\Desktop\MkWMm5piE5.exeProcess created: "C:\Users\user\Desktop\MkWMm5piE5.exe"
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Util\_cpuid_c.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\pywin32_system32\pywintypes312.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\sqlite3.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_x25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\VCRUNTIME140_1.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\libssl-3.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\win32\win32crypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\python312.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography\hazmat\bindings\_rust.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ecb.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ofb.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_des.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_poly1305.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\libffi-8.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\VCRUNTIME140.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_keccak.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_cbc.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_MD5.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_wmi.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\libcrypto-3.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_asyncio.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\_cffi_backend.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF6331D51E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF6331D51E0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3834Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2184Jump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Util\_cpuid_c.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_x25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\win32\win32crypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\python312.dllJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography\hazmat\bindings\_rust.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ofb.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ecb.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_des.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_poly1305.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_keccak.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_cbc.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_MD5.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_wmi.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_asyncio.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\_cffi_backend.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-16373
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeAPI coverage: 0.0 %
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1092Thread sleep time: -922337203685477s >= -30000sJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6000Thread sleep time: -1844674407370954s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF6331D88D0 FindFirstFileExW,FindClose,0_2_00007FF6331D88D0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF6331E7E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6331E7E4C
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF6331F1EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6331F1EE4
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAA161490 GetSystemInfo,2_2_00007FFBAA161490
    Source: MkWMm5piE5.exe, 00000000.00000003.1465243294.0000020DCC83A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
    Source: MkWMm5piE5.exe, 00000002.00000003.1494869483.000001D39D19F000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304676440.000001D39D190000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1490907301.000001D39D1C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF6331EABD8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6331EABD8
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAB03DB00 GetModuleHandleW,LoadLibraryW,GetProcAddress,AddAccessAllowedAce,GetProcAddress,AddAccessDeniedAce,GetProcAddress,AddAccessAllowedAceEx,GetProcAddress,AddMandatoryAce,GetProcAddress,AddAccessAllowedObjectAce,GetProcAddress,AddAccessDeniedAceEx,GetProcAddress,AddAccessDeniedObjectAce,GetProcAddress,AddAuditAccessAceEx,GetProcAddress,AddAuditAccessObjectAce,GetProcAddress,SetSecurityDescriptorControl,InitializeCriticalSection,TlsAlloc,DeleteCriticalSection,TlsFree,2_2_00007FFBAB03DB00
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF6331F3AF0 GetProcessHeap,0_2_00007FF6331F3AF0
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF6331DBCE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6331DBCE0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF6331DC760 SetUnhandledExceptionFilter,0_2_00007FF6331DC760
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 0_2_00007FF6331DC57C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6331DC57C
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAA141390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA141390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAA141960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA141960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAA27ABE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA27ABE0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF51960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAF51960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF51390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAF51390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF61960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAF61960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF61390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAF61390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF71960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAF71960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF71390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAF71390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF81960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAF81960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF81390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAF81390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF91960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAF91960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAF91390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAF91390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAFA1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAFA1960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAFA1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAFA1390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAFB1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAFB1960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAFB1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAFB1390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAFC1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAFC1960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeCode function: 2_2_00007FFBAAFC1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAFC1390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAAFD1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAFD1960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAAFD1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAFD1390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAAFE1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAFE1960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAAFE1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAAFE1390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB00B360 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB00B360
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB00BCC8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB00BCC8
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB03F85C SetUnhandledExceptionFilter,2_2_00007FFBAB03F85C
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB03F674 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB03F674
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB03E55C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB03E55C
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB062AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB062AA0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB063068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB063068
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB5F1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB5F1390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB5F1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB5F1960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB601390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB601390
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB601960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB601960
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB62036C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB62036C
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB61F768 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB61F768
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB620554 SetUnhandledExceptionFilter,2_2_00007FFBAB620554
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Process created: C:\Users\user\Desktop\MkWMm5piE5.exe "C:\Users\user\Desktop\MkWMm5piE5.exe"
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command " add-type -assemblyname system.windows.forms add-type -assemblyname system.drawing $screen = [system.windows.forms.systeminformation]::virtualscreen $bitmap = new-object system.drawing.bitmap $screen.width, $screen.height $graphics = [system.drawing.graphics]::fromimage($bitmap) $graphics.copyfromscreen($screen.location, [system.drawing.point]::empty, $screen.size) $bitmap.save(\"c:\users\user\appdata\local\temp\desktop_screenshot.png\") "
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB037CD0 PyArg_ParseTuple,PyExc_TypeError,PyErr_SetString,GetSecurityDescriptorDacl,free,SetSecurityDescriptorDacl,GetSecurityDescriptorOwner,free,GetSecurityDescriptorGroup,free,free,free,2_2_00007FFBAB037CD0
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 2_2_00007FFBAB038B50 _PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,_PyArg_ParseTuple_SizeT,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,2_2_00007FFBAB038B50
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 0_2_00007FF6331F9E40 cpuid 0_2_00007FF6331F9E40
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Util VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\_bz2.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\_lzma.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\Desktop\MkWMm5piE5.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442 VolumeInformation
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\_wmi.pyd VolumeInformation
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\win32 VolumeInformation
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\_socket.pyd VolumeInformation
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\_ssl.pyd VolumeInformation
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\_overlapped.pyd VolumeInformation
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64442\pyexpat.pyd VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 0_2_00007FF6331DC460 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6331DC460
    Source: C:\Users\user\Desktop\MkWMm5piE5.exe Code function: 0_2_00007FF6331F6370 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6331F6370

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: MkWMm5piE5.exe PID: 4152, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: MkWMm5piE5.exe PID: 4152, type: MEMORYSTR
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
    Windows Management Instrumentation
    1
    DLL Side-Loading
    11
    Process Injection
    31
    Virtualization/Sandbox Evasion
    OS Credential Dumping2
    System Time Discovery
    Remote Services11
    Archive Collected Data
    22
    Encrypted Channel
    Exfiltration Over Other Network Medium1
    Data Encrypted for Impact
    CredentialsDomainsDefault Accounts1
    Command and Scripting Interpreter
    Boot or Logon Initialization Scripts1
    DLL Side-Loading
    11
    Process Injection
    LSASS Memory31
    Security Software Discovery
    Remote Desktop ProtocolData from Removable Media1
    Non-Application Layer Protocol
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain Accounts2
    Native API
    Logon Script (Windows)Logon Script (Windows)1
    Deobfuscate/Decode Files or Information
    Security Account Manager1
    Process Discovery
    SMB/Windows Admin SharesData from Network Shared Drive2
    Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
    Obfuscated Files or Information
    NTDS31
    Virtualization/Sandbox Evasion
    Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Install Root Certificate
    LSA Secrets1
    Application Window Discovery
    SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    Timestomp
    Cached Domain Credentials1
    File and Directory Discovery
    VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
    DLL Side-Loading
    DCSync24
    System Information Discovery
    Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

    Source | Detection | Scanner | Label | Link
    MkWMm5piE5.exe | 42% | ReversingLabs | Win32.Ransomware.PythonStealer |
    MkWMm5piE5.exe | 100% | Avira | TR/AVI.Agent.gagco |
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_Salsa20.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_chacha20.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_BLAKE2b.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Math\_modexp.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\PublicKey\_x25519.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Util\_strxor.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\VCRUNTIME140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\VCRUNTIME140_1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_asyncio.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_bz2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_cffi_backend.cp312-win_amd64.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_ctypes.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_decimal.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_hashlib.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_lzma.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_multiprocessing.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_overlapped.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_queue.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_socket.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_sqlite3.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_ssl.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\_wmi.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\charset_normalizer\md.cp312-win_amd64.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\charset_normalizer\md__mypyc.cp312-win_amd64.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\libcrypto-3.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\libffi-8.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\libssl-3.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\pyexpat.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\python3.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\python312.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\pywin32_system32\pywintypes312.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\select.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\sqlite3.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI64442\unicodedata.pyd | 0% | ReversingLabs
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://repository.swisssign.com/ca | 0% | Avira URL Cloud | safe |
    http://repository.swisssign.com/La | 0% | Avira URL Cloud | safe |
    http://.../back.jpe | 0% | Avira URL Cloud | safe |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    busquedasxurl.com | 82.180.136.22 | true | false | | high
    httpbin.org | 34.224.200.202 | true | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
    http://repository.swisssign.com/ca | MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
    https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf | MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://github.com/pyca/cryptography/issues/8996 | MkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmp | false | | high
    https://api.telegram.org/bot | MkWMm5piE5.exe, 00000002.00000002.3305937311.000001D39E070000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://api.telegram.org/botz | MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages | MkWMm5piE5.exe, 00000002.00000002.3305937311.000001D39E070000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://aka.ms/vcpython27 | MkWMm5piE5.exe, 00000002.00000002.3305668707.000001D39DCF0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498548728.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1497824303.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1496471397.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1494121201.000001D39D6DF000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://www.accv.es/legislacion_c.htms | MkWMm5piE5.exe, 00000002.00000003.2104279532.000001D39E372000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103074553.000001D39E370000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102941796.000001D39E359000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://github.com/mhammond/pywin32 | MkWMm5piE5.exe, MkWMm5piE5.exe, 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp, MkWMm5piE5.exe, 00000002.00000002.3312900685.00007FFBAB62E000.00000002.00000001.01000000.0000001C.sdmp, win32api.pyd.0.dr | false | | high
    http://crl.dhimyotis.com/certignarootca.crl0 | MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D5B0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://docs.python.org/library/unittest.html | MkWMm5piE5.exe, 00000002.00000003.1498548728.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1497824303.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1496471397.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1494121201.000001D39D70E000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://setuptools.pypa.io/en/latest/ | MkWMm5piE5.exe, 00000002.00000002.3305589236.000001D39DBE0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1494869483.000001D39D214000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD30000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3303883410.000001D39B307000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://github.com/pyca/cryptography/actions?query=workflow%3ACI | MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | high
    https://tools.ietf.org/html/rfc2388#section-4.4 | MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://www.apache.org/licenses/LICENSE-2.0 | MkWMm5piE5.exe, 00000000.00000003.1465897053.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1465864628.0000020DCC848000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000000.00000003.1465970206.0000020DCC848000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://packaging.python.org/en/latest/specifications/core-metadata/ | MkWMm5piE5.exe, 00000002.00000002.3305668707.000001D39DCF0000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64 | MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD81000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://github.com/pypa/packaging | MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://refspecs.linuxfoundation.org/elf/gabi4 | MkWMm5piE5.exe, 00000002.00000002.3305511919.000001D39DAC0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://nuget.org/nuget.exe | powershell.exe, 00000003.00000002.1637110532.000001A1D1BD2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1637110532.000001A1D1A8F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1621511003.000001A1C3316000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#r$Nrjr | MkWMm5piE5.exe, 00000002.00000003.1498329355.000001D39D7F6000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498049998.000001D39D93F000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963 | MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://docs.python.org/3/library/subprocess#subprocess.Popen.kill | MkWMm5piE5.exe, 00000002.00000003.1498157568.000001D39D838000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305746088.000001D39DE50000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1497047761.000001D39D838000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://tools.ietf.org/html/rfc3610 | MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102480459.000001D39D9A5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://github.com/platformdirs/platformdirs | MkWMm5piE5.exe, 00000002.00000002.3305937311.000001D39E070000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://peps.python.org/pep-0205/ | MkWMm5piE5.exe, 00000002.00000002.3304871002.000001D39D3B0000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://crl.dhimyotis.com/certignarootca.crl | MkWMm5piE5.exe, 00000002.00000003.2103278667.000001D39E402000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306411530.000001D39E402000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102966546.000001D39E3FE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102887316.000001D39E377000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D931000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://curl.haxx.se/rfc/cookie_spec.html | MkWMm5piE5.exe, 00000002.00000002.3306613004.000001D39EA80000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://ocsp.accv.es | MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E38C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104046662.000001D39E390000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103257249.000001D39E38F000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103156560.000001D39E382000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102887316.000001D39E377000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode | MkWMm5piE5.exe, 00000002.00000003.1498157568.000001D39D838000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305746088.000001D39DE50000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1497047761.000001D39D838000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000003.00000002.1621511003.000001A1C1A21000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy | MkWMm5piE5.exe, 00000002.00000002.3306613004.000001D39EA80000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | MkWMm5piE5.exe, 00000002.00000002.3304149840.000001D39CC7C000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://httpbin.org/get | MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr# | MkWMm5piE5.exe, 00000002.00000003.1498329355.000001D39D7F6000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498049998.000001D39D93F000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://packaging.python.org/en/latest/specifications/entry-points/ | MkWMm5piE5.exe, 00000002.00000002.3305589236.000001D39DBE0000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://pesterbdd.com/images/Pester.png | powershell.exe, 00000003.00000002.1621511003.000001A1C1C52000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1621511003.000001A1C31D6000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access | MkWMm5piE5.exe, 00000002.00000003.1498291053.000001D39D92C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304676440.000001D39D190000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498081248.000001D39D89C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1498329355.000001D39D7F6000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://pypi.org/project/build/). | MkWMm5piE5.exe, 00000002.00000002.3305511919.000001D39DAC0000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000003.00000002.1621511003.000001A1C1C52000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1621511003.000001A1C31D6000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://repository.swisssign.com/La | MkWMm5piE5.exe, 00000002.00000002.3306131061.000001D39E206000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
    https://go.micro | powershell.exe, 00000003.00000002.1621511003.000001A1C2652000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://wwww.certigna.fr/autorites/0m | MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D5B0000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | MkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD30000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3303883410.000001D39B307000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://foo/bar.tgz | MkWMm5piE5.exe, 00000002.00000002.3305511919.000001D39DAC0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305937311.000001D39E070000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://github.com/python/cpython/issues/86361. | MkWMm5piE5.exe, 00000002.00000003.1489798578.000001D39D2A8000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1494869483.000001D39D19F000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304676440.000001D39D190000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1492098077.000001D39D2A4000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1490907301.000001D39D2A7000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1488732826.000001D39D2A8000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1489740790.000001D39D19B000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1488570288.000001D39D35C000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://contoso.com/Icon | powershell.exe, 00000003.00000002.1621511003.000001A1C3316000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://httpbin.org/ | MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://www.apache.org/licenses/ | MkWMm5piE5.exe, 00000000.00000003.1465897053.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                                                        http://.../back.jpeMkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E261000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E262000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainMkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                          high
                                                                                                          https://wwww.certigna.fr/autorites/MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D931000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102941796.000001D39E359000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://repository.swisssign.com/pMkWMm5piE5.exe, 00000002.00000002.3306131061.000001D39E206000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E21A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-fileMkWMm5piE5.exe, 00000002.00000002.3307886842.00007FFBA96F3000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                high
                                                                                                                https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gzMkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crleMkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D6F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=MkWMm5piE5.exe, 00000002.00000002.3305937311.000001D39E070000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.1621511003.000001A1C1C52000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1621511003.000001A1C31D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.MkWMm5piE5.exe, 00000002.00000002.3305589236.000001D39DBE0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1496109125.000001D39D2B3000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1494869483.000001D39D2B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D67D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://cryptography.io/en/latest/installation/MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                              high
                                                                                                                              https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syMkWMm5piE5.exe, 00000002.00000002.3304382805.000001D39CD30000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3303883410.000001D39B307000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.python.org/psf/license/MkWMm5piE5.exe, 00000002.00000002.3309722676.00007FFBAAD3B000.00000008.00000001.01000000.00000004.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://docs.python.org/3/library/multiprocessing.htmlMkWMm5piE5.exe, 00000002.00000002.3304676440.000001D39D190000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://github.com/pypa/setuptools/issues/417#issuecomment-392298401MkWMm5piE5.exe, 00000002.00000002.3304588455.000001D39D090000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crl.securetrust.com/STCA.crlMkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://wwwsearch.sf.net/):MkWMm5piE5.exe, 00000002.00000002.3306094647.000001D39E1B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E38C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104046662.000001D39E390000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102989192.000001D39E398000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103257249.000001D39E38F000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103156560.000001D39E382000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102887316.000001D39E377000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.accv.es/legislacion_c.htmMkWMm5piE5.exe, 00000002.00000002.3306461678.000001D39E425000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104279532.000001D39E372000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103074553.000001D39E370000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102941796.000001D39E359000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://tools.ietf.org/html/rfc6125#section-6.4.3MkWMm5piE5.exe, 00000002.00000002.3306613004.000001D39EA80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://cryptography.io/en/latest/security/MkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://cffi.readthedocs.io/en/latest/using.html#callbacksMkWMm5piE5.exe, MkWMm5piE5.exe, 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://crl.xrampsecurity.com/XGCA.crl0MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104645289.000001D39E35F000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102941796.000001D39E359000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://bugs.python.org/issue44497.MkWMm5piE5.exe, 00000002.00000002.3305435168.000001D39D9B0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304955061.000001D39D4B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.cert.fnmt.es/dpcs/MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D931000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://setuptools.pypa.io/en/latest/pkg_resources.htmlMkWMm5piE5.exe, 00000002.00000003.1498329355.000001D39D7F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://google.com/mailMkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://packaging.python.org/specifications/entry-points/MkWMm5piE5.exe, 00000002.00000002.3305435168.000001D39D9B0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3304955061.000001D39D4B0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.1491549762.000001D39D604000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://github.com/jaraco/jaraco.functools/issues/5MkWMm5piE5.exe, 00000002.00000002.3305511919.000001D39DAC0000.00000004.00001000.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305859866.000001D39DF70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.accv.es00MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E38C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306461678.000001D39E425000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104279532.000001D39E372000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102989192.000001D39E398000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103074553.000001D39E370000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102887316.000001D39E377000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102941796.000001D39E359000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.python.org/psf/license/)MkWMm5piE5.exe, 00000002.00000002.3309361829.00007FFBAABC3000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyMkWMm5piE5.exe, 00000002.00000002.3303883410.000001D39B307000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.rfc-editor.org/info/rfc7253MkWMm5piE5.exe, 00000002.00000003.2104686859.000001D39E317000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103180787.000001D39E316000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdfMkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://readthedocs.org/projects/cryptography/badge/?version=latestMkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://foss.heptapod.net/pypy/pypy/-/issues/3539MkWMm5piE5.exe, 00000002.00000002.3306533126.000001D39E980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E21A000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://google.com/MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D8FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://mahler:8092/site-updates.pyMkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://crl.securetrust.com/SGCA.crlMkWMm5piE5.exe, 00000002.00000003.2104686859.000001D39E317000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103180787.000001D39E316000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306335363.000001D39E2F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://.../back.jpegMkWMm5piE5.exe, 00000002.00000002.3306613004.000001D39EA80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://tools.ietf.org/html/rfc7231#section-4.3.6)MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://tools.ietf.org/html/rfc5869MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D5B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://github.com/pyca/cryptographyMkWMm5piE5.exe, 00000000.00000003.1466293181.0000020DCC83D000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.python.org/download/releases/2.3/mro/.MkWMm5piE5.exe, 00000002.00000002.3304149840.000001D39CC00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.htmlMkWMm5piE5.exe, 00000002.00000003.2102539379.000001D39E279000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D79C000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102480459.000001D39D9A5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2104494601.000001D39D96E000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7C5000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000003.2103511502.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3306278151.000001D39E281000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305340334.000001D39D96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://cryptography.io/METADATA.0.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://httpbin.org/postMkWMm5piE5.exe, 00000002.00000003.2102345302.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmp, MkWMm5piE5.exe, 00000002.00000002.3305034868.000001D39D7EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
IP | Domain | Country | ASN | ASN Name | Malicious
34.224.200.202 | httpbin.org | United States | 14618 | AMAZON-AESUS | false
82.180.136.22 | busquedasxurl.com | Denmark | 29100 | BROADCOMDK | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1571338
Start date and time: 2024-12-09 10:06:14 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: MkWMm5piE5.exe (renamed because original name is a hash value)
Original Sample Name: 2daa3a1b14af19d4daf3a60a493d2613b87eba00e13b21e1b12dcea681b3dc80.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@6/87@2/2
EGA Information:
• Successful, ratio: 66.7%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target powershell.exe, PID 2768 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: MkWMm5piE5.exe
No simulations
                                                                                                                                                                                                                                                6mYofUPYD4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 82.180.136.22
                                                                                                                                                                                                                                                okG6LaM2yP.exeGet hashmaliciousPython StealerBrowse
                                                                                                                                                                                                                                                • 82.180.136.22
                                                                                                                                                                                                                                                IABrPTTzHo.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 82.180.136.22
                                                                                                                                                                                                                                                d7rnBT699m.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 82.180.136.22
                                                                                                                                                                                                                                                L5cZ63IH4a.exeGet hashmaliciousPython StealerBrowse
                                                                                                                                                                                                                                                • 82.180.136.22
                                                                                                                                                                                                                                                478y7Ve1JG.exeGet hashmaliciousPython StealerBrowse
                                                                                                                                                                                                                                                • 82.180.136.22
                                                                                                                                                                                                                                                XYYgkNDBXR.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 82.180.136.22
                                                                                                                                                                                                                                                33sKdwH6im.exeGet hashmaliciousPython StealerBrowse
                                                                                                                                                                                                                                                • 82.180.136.22
                                                                                                                                                                                                                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI64442\Crypto\Cipher\_ARC4.pyd | JxrkpYVdCp.exe | malicious | Python Stealer, Babadeda
 | hSyJxPUUDx.exe | malicious | Unknown
 | u08NgsGNym.exe | malicious | Python Stealer
 | L5OMdZqWzq.exe | malicious | Python Stealer
 | ssPp3zvWwN.exe | malicious | Python Stealer
 | okG6LaM2yP.exe | malicious | Python Stealer
 | I6H1RkEHlX.exe | malicious | Python Stealer
 | hKgrI6tqYx.exe | malicious | Python Stealer, Babadeda
 | 33sKdwH6im.exe | malicious | Python Stealer
                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):64
                                                                                                                                                                                                                                                                  Entropy (8bit):1.1940658735648508
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:NlllulxmH/lZ:NllUg
                                                                                                                                                                                                                                                                  MD5:D904BDD752B6F23D81E93ECA3BD8E0F3
                                                                                                                                                                                                                                                                  SHA1:026D8B0D0F79861746760B0431AD46BAD2A01676
                                                                                                                                                                                                                                                                  SHA-256:B393D3CEC8368794972E4ADD978B455A2F5BD37E3A116264DBED14DC8C67D6F2
                                                                                                                                                                                                                                                                  SHA-512:5B862B7F0BCCEF48E6A5A270C3F6271D7A5002465EAF347C6A266365F1B2CD3D88144C043D826D3456AA43484124D619BF16F9AEAB1F706463F553EE24CB5740
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                  Preview:@...e................................. ..............@..........
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):11264
                                                                                                                                                                                                                                                                  Entropy (8bit):4.703513333396807
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:nDzb9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDV90OcX6gY/7ECFV:Dzz9damqTrpYTst0E5DVPcqgY/79X
                                                                                                                                                                                                                                                                  MD5:6176101B7C377A32C01AE3EDB7FD4DE6
                                                                                                                                                                                                                                                                  SHA1:5F1CB443F9D677F313BEC07C5241AEAB57502F5E
                                                                                                                                                                                                                                                                  SHA-256:EFEA361311923189ECBE3240111EFBA329752D30457E0DBE9628A82905CD4BDB
                                                                                                                                                                                                                                                                  SHA-512:3E7373B71AE0834E96A99595CFEF2E96C0F5230429ADC0B5512F4089D1ED0D7F7F0E32A40584DFB13C41D257712A9C4E9722366F0A21B907798AE79D8CEDCF30
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: JxrkpYVdCp.exe, Detection: malicious
• Filename: hSyJxPUUDx.exe, Detection: malicious
• Filename: u08NgsGNym.exe, Detection: malicious
• Filename: L5OMdZqWzq.exe, Detection: malicious
• Filename: ssPp3zvWwN.exe, Detection: malicious
• Filename: okG6LaM2yP.exe, Detection: malicious
• Filename: I6H1RkEHlX.exe, Detection: malicious
• Filename: hKgrI6tqYx.exe, Detection: malicious
• Filename: 33sKdwH6im.exe, Detection: malicious
                                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                                                                                                  Entropy (8bit):4.968452734961967
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:JF3TgNlF/1Nt5aSd4+1ijg0NLfFNJSCqsstXHTeH5ht47qMbxbfDqbwYH/kcX6gT:WF/1nb2mhQtkXHTeZ87VDqrMcqgYvEp
                                                                                                                                                                                                                                                                  MD5:371776A7E26BAEB3F75C93A8364C9AE0
                                                                                                                                                                                                                                                                  SHA1:BF60B2177171BA1C6B4351E6178529D4B082BDA9
                                                                                                                                                                                                                                                                  SHA-256:15257E96D1CA8480B8CB98F4C79B6E365FE38A1BA9638FC8C9AB7FFEA79C4762
                                                                                                                                                                                                                                                                  SHA-512:C23548FBCD1713C4D8348917FF2AB623C404FB0E9566AB93D147C62E06F51E63BDAA347F2D203FE4F046CE49943B38E3E9FA1433F6455C97379F2BC641AE7CE9
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                                                  Entropy (8bit):5.061461040216793
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:ldF/1nb2mhQtkXn0t/WS60YYDEiqvdvGyv9lkVcqgYvEMo:v2f6XSZ6XYD6vdvGyv9MgYvEMo
                                                                                                                                                                                                                                                                  MD5:CB5238E2D4149636377F9A1E2AF6DC57
                                                                                                                                                                                                                                                                  SHA1:038253BABC9E652BA4A20116886209E2BCCF35AC
                                                                                                                                                                                                                                                                  SHA-256:A8D3BB9CD6A78EBDB4F18693E68B659080D08CB537F9630D279EC9F26772EFC7
                                                                                                                                                                                                                                                                  SHA-512:B1E6AB509CF1E5ECC6A60455D6900A76514F8DF43F3ABC3B8D36AF59A3DF8A868B489ED0B145D0D799AAC8672CBF5827C503F383D3F38069ABF6056ECCD87B21
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                                                  Entropy (8bit):5.236167046748013
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:/siHXqpoUol3xZhRyQX5lDnRDFYav+tcqgRvE:h6D+XBDgDgRvE
                                                                                                                                                                                                                                                                  MD5:D9E7218460AEE693BEA07DA7C2B40177
                                                                                                                                                                                                                                                                  SHA1:9264D749748D8C98D35B27BEFE6247DA23FF103D
                                                                                                                                                                                                                                                                  SHA-256:38E423D3BCC32EE6730941B19B7D5D8872C0D30D3DD8F9AAE1442CB052C599AD
                                                                                                                                                                                                                                                                  SHA-512:DDB579E2DEA9D266254C0D9E23038274D9AE33F0756419FD53EC6DC1A27D1540828EE8F4AD421A5CFFD9B805F1A68F26E70BDC1BAB69834E8ACD6D7BB7BDB0DB
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):36352
                                                                                                                                                                                                                                                                  Entropy (8bit):6.558176937399355
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:Dz2P+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuCLg46:DzeqWB7YJlmLJ3oD/S4j990th9VCsC
                                                                                                                                                                                                                                                                  MD5:F751792DF10CDEED391D361E82DAF596
                                                                                                                                                                                                                                                                  SHA1:3440738AF3C88A4255506B55A673398838B4CEAC
                                                                                                                                                                                                                                                                  SHA-256:9524D1DADCD2F2B0190C1B8EDE8E5199706F3D6C19D3FB005809ED4FEBF3E8B5
                                                                                                                                                                                                                                                                  SHA-512:6159F245418AB7AD897B02F1AADF1079608E533B9C75006EFAF24717917EAA159846EE5DFC0E85C6CFF8810319EFECBA80C1D51D1F115F00EC1AFF253E312C00
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):15872
                                                                                                                                                                                                                                                                  Entropy (8bit):5.285191078037458
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:wJBjJHEkEPYi3Xd+dc26E4++yuqAyXW9wifD4jqccqgwYUMvEW:ikRwi3wO26Ef+yuIm9PfD7wgwYUMvE
                                                                                                                                                                                                                                                                  MD5:BBEA5FFAE18BF0B5679D5C5BCD762D5A
                                                                                                                                                                                                                                                                  SHA1:D7C2721795113370377A1C60E5CEF393473F0CC5
                                                                                                                                                                                                                                                                  SHA-256:1F4288A098DA3AAC2ADD54E83C8C9F2041EC895263F20576417A92E1E5B421C1
                                                                                                                                                                                                                                                                  SHA-512:0932EC5E69696D6DD559C30C19FC5A481BEFA38539013B9541D84499F2B6834A2FFE64A1008A1724E456FF15DDA6268B7B0AD8BA14918E2333567277B3716CC4
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                                  Entropy (8bit):5.505471888568532
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:vd9VkyQ5f8vjVaCHpKpTTjaNe7oca2DW3Q2dhmdcqgwNeecBih:JkP5cjIGpKlqD2D4kzgwNeE
                                                                                                                                                                                                                                                                  MD5:D2175300E065347D13211F5BF7581602
                                                                                                                                                                                                                                                                  SHA1:3AE92C0B0ECDA1F6B240096A4E68D16D3DB1FFB0
                                                                                                                                                                                                                                                                  SHA-256:94556934E3F9EE73C77552D2F3FC369C02D62A4C9E7143E472F8E3EE8C00AEE1
                                                                                                                                                                                                                                                                  SHA-512:6156D744800206A431DEE418A1C561FFB45D726DC75467A91D26EE98503B280C6595CDEA02BDA6A023235BD010835EA1FC9CB843E9FEC3501980B47B6B490AF7
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):20992
                                                                                                                                                                                                                                                                  Entropy (8bit):6.06124024160806
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:bUv5cJMOZA0nmwBD+XpJgLa0Mp8Qpg4P2llyM:0K1XBD+DgLa1yTi
                                                                                                                                                                                                                                                                  MD5:45616B10ABE82D5BB18B9C3AB446E113
                                                                                                                                                                                                                                                                  SHA1:91B2C0B0F690AE3ABFD9B0B92A9EA6167049B818
                                                                                                                                                                                                                                                                  SHA-256:F348DB1843B8F38A23AEE09DD52FB50D3771361C0D529C9C9E142A251CC1D1EC
                                                                                                                                                                                                                                                                  SHA-512:ACEA8C1A3A1FA19034FD913C8BE93D5E273B7719D76CB71C36F510042918EA1D9B44AC84D849570F9508D635B4829D3E10C36A461EC63825BA178F5AC1DE85FB
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):25088
                                                                                                                                                                                                                                                                  Entropy (8bit):6.475467273446457
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:oc6HLZiMDFuGu+XHZXmrfXA+UA10ol31tuXy4IYgLWi:B6H1TZXX5XmrXA+NNxWiFdLWi
                                                                                                                                                                                                                                                                  MD5:CF3C2F35C37AA066FA06113839C8A857
                                                                                                                                                                                                                                                                  SHA1:39F3B0AEFB771D871A93681B780DA3BD85A6EDD0
                                                                                                                                                                                                                                                                  SHA-256:1261783F8881642C3466B96FA5879A492EA9E0DAB41284ED9E4A82E8BCF00C80
                                                                                                                                                                                                                                                                  SHA-512:1C36B80AAE49FD5E826E95D83297AE153FDB2BC652A47D853DF31449E99D5C29F42ED82671E2996AF60DCFB862EC5536BB0A68635D4E33D33F8901711C0C8BE6
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                                  Entropy (8bit):4.838534302892255
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:0F/1nb2mhQtkr+juOxKbDbnHcqgYvEkrK:u2f6iuOsbDtgYvEmK
                                                                                                                                                                                                                                                                  MD5:20708935FDD89B3EDDEEA27D4D0EA52A
                                                                                                                                                                                                                                                                  SHA1:85A9FE2C7C5D97FD02B47327E431D88A1DC865F7
                                                                                                                                                                                                                                                                  SHA-256:11DD1B49F70DB23617E84E08E709D4A9C86759D911A24EBDDFB91C414CC7F375
                                                                                                                                                                                                                                                                  SHA-512:F28C31B425DC38B5E9AD87B95E8071997E4A6F444608E57867016178CD0CA3E9F73A4B7F2A0A704E45F75B7DCFF54490510C6BF8461F3261F676E9294506D09B
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                                                  Entropy (8bit):4.9047185025862925
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:NRgPX8lvI+KnwSDTPUDEhKWPXcqgzQkvEd:2og9rUD9mpgzQkvE
                                                                                                                                                                                                                                                                  MD5:43BBE5D04460BD5847000804234321A6
                                                                                                                                                                                                                                                                  SHA1:3CAE8C4982BBD73AF26EB8C6413671425828DBB7
                                                                                                                                                                                                                                                                  SHA-256:FAA41385D0DB8D4EE2EE74EE540BC879CF2E884BEE87655FF3C89C8C517EED45
                                                                                                                                                                                                                                                                  SHA-512:DBC60F1D11D63BEBBAB3C742FB827EFBDE6DFF3C563AE1703892D5643D5906751DB3815B97CBFB7DA5FCD306017E4A1CDCC0CDD0E61ADF20E0816F9C88FE2C9B
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                                                                                  Entropy (8bit):5.300163691206422
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:j0J1gSHxKkwv0i8XSi3Sm57NEEE/qexUEtDrdkrRcqgUF6+6vEX:jM01si8XSi3SACqe7tDeDgUUjvE
                                                                                                                                                                                                                                                                  MD5:C6B20332B4814799E643BADFFD8DF2CD
                                                                                                                                                                                                                                                                  SHA1:E7DA1C1F09F6EC9A84AF0AB0616AFEA55A58E984
                                                                                                                                                                                                                                                                  SHA-256:61C7A532E108F67874EF2E17244358DF19158F6142680F5B21032BA4889AC5D8
                                                                                                                                                                                                                                                                  SHA-512:D50C7F67D2DFB268AD4CF18E16159604B6E8A50EA4F0C9137E26619FD7835FAAD323B5F6A2B8E3EC1C023E0678BCBE5D0F867CD711C5CD405BD207212228B2B4
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):57856
                                                                                                                                                                                                                                                                  Entropy (8bit):4.260220483695234
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:9XUqVT1dZ/GHkJnYcZiGKdZHDLtiduprZNZY0JAIg+v:99HGHfJidSK
                                                                                                                                                                                                                                                                  MD5:0B538205388FDD99A043EE3AFAA074E4
                                                                                                                                                                                                                                                                  SHA1:E0DD9306F1DBE78F7F45A94834783E7E886EB70F
                                                                                                                                                                                                                                                                  SHA-256:C4769D3E6EB2A2FECB5DEC602D45D3E785C63BB96297268E3ED069CC4A019B1A
                                                                                                                                                                                                                                                                  SHA-512:2F4109E42DB7BC72EB50BCCC21EB200095312EA00763A255A38A4E35A77C04607E1DB7BB69A11E1D80532767B20BAA4860C05F52F32BF1C81FE61A7ECCEB35ED
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):58368
                                                                                                                                                                                                                                                                  Entropy (8bit):4.276870967324261
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:9jUqho9weF5/eHkRnYcZiGKdZHDL7idErZjZYXGg:9RCneH//id42
                                                                                                                                                                                                                                                                  MD5:6C3E976AB9F47825A5BD9F73E8DBA74E
                                                                                                                                                                                                                                                                  SHA1:4C6EB447FE8F195CF7F4B594CE7EAF928F52B23A
                                                                                                                                                                                                                                                                  SHA-256:238CDB6B8FB611DB4626E6D202E125E2C174C8F73AE8A3273B45A0FC18DEA70C
                                                                                                                                                                                                                                                                  SHA-512:B19516F00CC0484D9CDA82A482BBFE41635CDBBE19C13F1E63F033C9A68DD36798C44F04D6BD8BAE6523A845E852D81ACADD0D5DD86AF62CC9D081B803F8DF7B
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                  Entropy (8bit):4.578113904149635
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:R0qVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EpmFWLOXDwo2Pj15XkcX6gbW6z:DVddiT7pgTctEEI4qXDo11kcqgbW6
                                                                                                                                                                                                                                                                  MD5:FEE13D4FB947835DBB62ACA7EAFF44EF
                                                                                                                                                                                                                                                                  SHA1:7CC088AB68F90C563D1FE22D5E3C3F9E414EFC04
                                                                                                                                                                                                                                                                  SHA-256:3E0D07BBF93E0748B42B1C2550F48F0D81597486038C22548224584AE178A543
                                                                                                                                                                                                                                                                  SHA-512:DEA92F935BC710DF6866E89CC6EB5B53FC7ADF0F14F3D381B89D7869590A1B0B1F98F347664F7A19C6078E7AA3EB0F773FFCB711CC4275D0ECD54030D6CF5CB2
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):22016
                                                                                                                                                                                                                                                                  Entropy (8bit):6.143719741413071
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:IUv5cRUtPQtjLJiKMjNrDF6pJgLa0Mp8Q90gYP2lXCM:BKR8I+K0lDFQgLa17zU
                                                                                                                                                                                                                                                                  MD5:76F88D89643B0E622263AF676A65A8B4
                                                                                                                                                                                                                                                                  SHA1:93A365060E98890E06D5C2D61EFBAD12F5D02E06
                                                                                                                                                                                                                                                                  SHA-256:605C86145B3018A5E751C6D61FD0F85CF4A9EBF2AD1F3009A4E68CF9F1A63E49
                                                                                                                                                                                                                                                                  SHA-512:979B97AAC01633C46C048010FA886EBB09CFDB5520E415F698616987AE850FD342A4210A8DC0FAC1E059599F253565862892171403F5E4F83754D02D2EF3F366
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):17920
                                                                                                                                                                                                                                                                  Entropy (8bit):5.353267174592179
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:7PHNP3Mj7Be/yB/6sB3yxcb+IMcOYqQViCBD8bg6Vf4A:hPcnB8KSsB34cb+bcOYpMCBDX
                                                                                                                                                                                                                                                                  MD5:D48BFFA1AF800F6969CFB356D3F75AA6
                                                                                                                                                                                                                                                                  SHA1:2A0D8968D74EBC879A17045EFE86C7FB5C54AEE6
                                                                                                                                                                                                                                                                  SHA-256:4AA5E9CE7A76B301766D3ECBB06D2E42C2F09D0743605A91BF83069FEFE3A4DE
                                                                                                                                                                                                                                                                  SHA-512:30D14AD8C68B043CC49EAFB460B69E83A15900CB68B4E0CBB379FF5BA260194965EF300EB715308E7211A743FF07FA7F8779E174368DCAA7F704E43068CC4858
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                                  Entropy (8bit):4.741247880746506
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:0F/1nb2mhQtkgU7L9D037tfcqgYvEJPb:u2f6L9DSJxgYvEJj
                                                                                                                                                                                                                                                                  MD5:4D9182783EF19411EBD9F1F864A2EF2F
                                                                                                                                                                                                                                                                  SHA1:DDC9F878B88E7B51B5F68A3F99A0857E362B0361
                                                                                                                                                                                                                                                                  SHA-256:C9F4C5FFCDD4F8814F8C07CE532A164AB699AE8CDE737DF02D6ECD7B5DD52DBD
                                                                                                                                                                                                                                                                  SHA-512:8F983984F0594C2CAC447E9D75B86D6EC08ED1C789958AFA835B0D1239FD4D7EBE16408D080E7FCE17C379954609A93FC730B11BE6F4A024E7D13D042B27F185
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                                                                                  Entropy (8bit):5.212941287344097
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:2F/1nb2mhQtkRySMfJ2ycxFzShJD9bAal2QDeJKcqgQx2QY:M2fKRQB2j8JD2fJagQx2QY
                                                                                                                                                                                                                                                                  MD5:F4EDB3207E27D5F1ACBBB45AAFCB6D02
                                                                                                                                                                                                                                                                  SHA1:8EAB478CA441B8AD7130881B16E5FAD0B119D3F0
                                                                                                                                                                                                                                                                  SHA-256:3274F49BE39A996C5E5D27376F46A1039B6333665BB88AF1CA6D37550FA27B29
                                                                                                                                                                                                                                                                  SHA-512:7BDEBF9829CB26C010FCE1C69E7580191084BCDA3E2847581D0238AF1CAA87E68D44B052424FDC447434D971BB481047F8F2DA1B1DEF6B18684E79E63C6FBDC5
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):14336
                                                                                                                                                                                                                                                                  Entropy (8bit):5.181291194389683
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:hF/1nb2mhQt7fSOp/CJPvADQHKtxSOvbcqgEvcM+:N2fNKOZWPIDnxVlgEvL
                                                                                                                                                                                                                                                                  MD5:9D28433EA8FFBFE0C2870FEDA025F519
                                                                                                                                                                                                                                                                  SHA1:4CC5CF74114D67934D346BB39CA76F01F7ACC3E2
                                                                                                                                                                                                                                                                  SHA-256:FC296145AE46A11C472F99C5BE317E77C840C2430FBB955CE3F913408A046284
                                                                                                                                                                                                                                                                  SHA-512:66B4D00100D4143EA72A3F603FB193AFA6FD4EFB5A74D0D17A206B5EF825E4CC5AF175F5FB5C40C022BDE676BA7A83087CB95C9F57E701CA4E7F0A2FCE76E599
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):14336
                                                                                                                                                                                                                                                                  Entropy (8bit):5.140195114409974
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:RsiHXqpo0cUp8XnUp8XjEQnlDtJI6rcqgcx2:f6DcUp8XUp8AclDA69gcx2
                                                                                                                                                                                                                                                                  MD5:8A92EE2B0D15FFDCBEB7F275154E9286
                                                                                                                                                                                                                                                                  SHA1:FA9214C8BBF76A00777DFE177398B5F52C3D972D
                                                                                                                                                                                                                                                                  SHA-256:8326AE6AD197B5586222AFA581DF5FE0220A86A875A5E116CB3828E785FBF5C2
                                                                                                                                                                                                                                                                  SHA-512:7BA71C37AAF6CB10FC5C595D957EB2846032543626DE740B50D7CB954FF910DCF7CEAA56EB161BAB9CC1F663BADA6CA71973E6570BAC7D6DA4D4CC9ED7C6C3DA
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                                                  Entropy (8bit):5.203867759982304
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:WsiHXqpwUiv6wPf+4WVrd1DFrCqwWwcqgfvE:s6biio2Pd1DFmlgfvE
                                                                                                                                                                                                                                                                  MD5:FE16E1D12CF400448E1BE3FCF2D7BB46
                                                                                                                                                                                                                                                                  SHA1:81D9F7A2C6540F17E11EFE3920481919965461BA
                                                                                                                                                                                                                                                                  SHA-256:ADE1735800D9E82B787482CCDB0FBFBA949E1751C2005DCAE43B0C9046FE096F
                                                                                                                                                                                                                                                                  SHA-512:A0463FF822796A6C6FF3ACEBC4C5F7BA28E7A81E06A3C3E46A0882F536D656D3F8BAF6FB748008E27F255FE0F61E85257626010543FC8A45A1E380206E48F07C
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):15360
                                                                                                                                                                                                                                                                  Entropy (8bit):5.478301937972917
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:hZ9WXA7M93g8U7soSchhiLdjM5J6ECTGmDZkRsP0rcqgjPrvE:8Q0gH7zSccA5J6ECTGmDua89gjPrvE
                                                                                                                                                                                                                                                                  MD5:34EBB5D4A90B5A39C5E1D87F61AE96CB
                                                                                                                                                                                                                                                                  SHA1:25EE80CC1E647209F658AEBA5841F11F86F23C4E
                                                                                                                                                                                                                                                                  SHA-256:4FC70CB9280E414855DA2C7E0573096404031987C24CF60822854EAA3757C593
                                                                                                                                                                                                                                                                  SHA-512:82E27044FD53A7309ABAECA06C077A43EB075ADF1EF0898609F3D9F42396E0A1FA4FFD5A64D944705BBC1B1EBB8C2055D8A420807693CC5B70E88AB292DF81B7
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):18432
                                                                                                                                                                                                                                                                  Entropy (8bit):5.69608744353984
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:nkP5RjF7GsIyV6Lx41NVYaVmtShQRKAa8+DSngkov:onx7RI26LuuHKz8+DbN
                                                                                                                                                                                                                                                                  MD5:42C2F4F520BA48779BD9D4B33CD586B9
                                                                                                                                                                                                                                                                  SHA1:9A1D6FFA30DCA5CE6D70EAC5014739E21A99F6D8
                                                                                                                                                                                                                                                                  SHA-256:2C6867E88C5D3A83D62692D24F29624063FCE57F600483BAD6A84684FF22F035
                                                                                                                                                                                                                                                                  SHA-512:1F0C18E1829A5BAE4A40C92BA7F8422D5FE8DBE582F7193ACEC4556B4E0593C898956065F398ACB34014542FCB3365DC6D4DA9CE15CB7C292C8A2F55FB48BB2B
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):19456
                                                                                                                                                                                                                                                                  Entropy (8bit):5.7981108922569735
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:qPHNP3MjevhSY/8EBbVxcJ0ihTLdFDuPHgj+kf4D:sPcKvr/jUJ0sbDGAj+t
                                                                                                                                                                                                                                                                  MD5:AB0BCB36419EA87D827E770A080364F6
                                                                                                                                                                                                                                                                  SHA1:6D398F48338FB017AACD00AE188606EB9E99E830
                                                                                                                                                                                                                                                                  SHA-256:A927548ABEA335E6BCB4A9EE0A949749C9E4AA8F8AAD481CF63E3AC99B25A725
                                                                                                                                                                                                                                                                  SHA-512:3580FB949ACEE709836C36688457908C43860E68A36D3410F3FA9E17C6A66C1CDD7C081102468E4E92E5F42A0A802470E8F4D376DAA4ED7126818538E0BD0BC4
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):22016
                                                                                                                                                                                                                                                                  Entropy (8bit):5.865452719694432
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:y1jwGPJHLvzcY1EEerju9LcTZ6RO3RouLKtcyDNOcwgjxo:QjwyJUYToZwOLuzDNB1j
                                                                                                                                                                                                                                                                  MD5:C8FE3FF9C116DB211361FBB3EA092D33
                                                                                                                                                                                                                                                                  SHA1:180253462DD59C5132FBCCC8428DEA1980720D26
                                                                                                                                                                                                                                                                  SHA-256:25771E53CFECB5462C0D4F05F7CAE6A513A6843DB2D798D6937E39BA4B260765
                                                                                                                                                                                                                                                                  SHA-512:16826BF93C8FA33E0B5A2B088FB8852A2460E0A02D699922A39D8EB2A086E981B5ACA2B085F7A7DA21906017C81F4D196B425978A10F44402C5DB44B2BF4D00A
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):22016
                                                                                                                                                                                                                                                                  Entropy (8bit):5.867732744112887
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:51jwGPJHLxzcY1EEerju9LcTZ6RO3RouLKtcyDNIegjxo:rjwyJOYToZwOLuzDNI7j
                                                                                                                                                                                                                                                                  MD5:A442EA85E6F9627501D947BE3C48A9DD
                                                                                                                                                                                                                                                                  SHA1:D2DEC6E1BE3B221E8D4910546AD84FE7C88A524D
                                                                                                                                                                                                                                                                  SHA-256:3DBCB4D0070BE355E0406E6B6C3E4CE58647F06E8650E1AB056E1D538B52B3D3
                                                                                                                                                                                                                                                                  SHA-512:850A00C7069FFDBA1EFE1324405DA747D7BD3BA5D4E724D08A2450B5A5F15A69A0D3EAF67CEF943F624D52A4E2159A9F7BDAEAFDC6C689EACEA9987414250F3B
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):27136
                                                                                                                                                                                                                                                                  Entropy (8bit):5.860044313282322
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:xFDL3RqE3MjjQ95UnLa+1WT1aA7qHofg5JptfISH2mDDXfgjVx2:jDLh98jjRe+1WT1aAeIfMzxH2mDDIj
                                                                                                                                                                                                                                                                  MD5:59BA0E05BE85F48688316EE4936421EA
                                                                                                                                                                                                                                                                  SHA1:1198893F5916E42143C0B0F85872338E4BE2DA06
                                                                                                                                                                                                                                                                  SHA-256:C181F30332F87FEECBF930538E5BDBCA09089A2833E8A088C3B9F3304B864968
                                                                                                                                                                                                                                                                  SHA-512:D772042D35248D25DB70324476021FB4303EF8A0F61C66E7DED490735A1CC367C2A05D7A4B11A2A68D7C34427971F96FF7658D880E946C31C17008B769E3B12F
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):27136
                                                                                                                                                                                                                                                                  Entropy (8bit):5.917025846093607
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:tFYLXRqEnMgj969GUnLa+1WT1aA7qHofg5JptfIS320DXwElrgjhig:PYLB9Mgj0e+1WT1aAeIfMzx320DXD+j
                                                                                                                                                                                                                                                                  MD5:8194D160FB215498A59F850DC5C9964C
                                                                                                                                                                                                                                                                  SHA1:D255E8CCBCE663EE5CFD3E1C35548D93BFBBFCC0
                                                                                                                                                                                                                                                                  SHA-256:55DEFCD528207D4006D54B656FD4798977BD1AAE6103D4D082A11E0EB6900B08
                                                                                                                                                                                                                                                                  SHA-512:969EEAA754519A58C352C24841852CF0E66C8A1ADBA9A50F6F659DC48C3000627503DDFB7522DA2DA48C301E439892DE9188BF94EEAF1AE211742E48204C5E42
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):12800
                                                                                                                                                                                                                                                                  Entropy (8bit):4.999870226643325
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:DzFRF/1nb2mhQtk4axusjfkgZhoYDQgRjcqgQvEty:DzFd2f64axnTTz5D1gQvEty
                                                                                                                                                                                                                                                                  MD5:C89BECC2BECD40934FE78FCC0D74D941
                                                                                                                                                                                                                                                                  SHA1:D04680DF546E2D8A86F60F022544DB181F409C50
                                                                                                                                                                                                                                                                  SHA-256:E5B6E58D6DA8DB36B0673539F0C65C80B071A925D2246C42C54E9FCDD8CA08E3
                                                                                                                                                                                                                                                                  SHA-512:715B3F69933841BAADC1C30D616DB34E6959FD9257D65E31C39CD08C53AFA5653B0E87B41DCC3C5E73E57387A1E7E72C0A668578BD42D5561F4105055F02993C
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                                                                                                  Entropy (8bit):5.025153056783597
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:AF/1nb2mhQtks0iiNqdF4mtPjD02A5APYcqgYvEL2x:62f6fFA/4GjDFcgYvEL2x
                                                                                                                                                                                                                                                                  MD5:C4CC05D3132FDFB05089F42364FC74D2
                                                                                                                                                                                                                                                                  SHA1:DA7A1AE5D93839577BBD25952A1672C831BC4F29
                                                                                                                                                                                                                                                                  SHA-256:8F3D92DE840ABB5A46015A8FF618FF411C73009CBAA448AC268A5C619CF84721
                                                                                                                                                                                                                                                                  SHA-512:C597C70B7AF8E77BEEEBF10C32B34C37F25C741991581D67CF22E0778F262E463C0F64AA37F92FBC4415FE675673F3F92544E109E5032E488F185F1CFBC839FE
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                                  Entropy (8bit):5.235115741550938
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:XTRgffnRaNfBj9xih1LPK73jm6AXiN4rSRIh42gDhgvrjcqgCieT3WQ:XafgNpj9cHW3jqXeBRamDOZgCieT
                                                                                                                                                                                                                                                                  MD5:1E201DF4B4C8A8CD9DA1514C6C21D1C4
                                                                                                                                                                                                                                                                  SHA1:3DC8A9C20313AF189A3FFA51A2EAA1599586E1B2
                                                                                                                                                                                                                                                                  SHA-256:A428372185B72C90BE61AC45224133C4AF6AE6682C590B9A3968A757C0ABD6B4
                                                                                                                                                                                                                                                                  SHA-512:19232771D4EE3011938BA2A52FA8C32E00402055038B5EDF3DDB4C8691FA7AE751A1DC16766D777A41981B7C27B14E9C1AD6EBDA7FFE1B390205D0110546EE29
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):15360
                                                                                                                                                                                                                                                                  Entropy (8bit):5.133714807569085
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:JZNGXEgvUh43G6coX2SSwmPL4V7wTdDlpaY2cqgWjvE:EVMhuGGF2L4STdDyYWgWjvE
                                                                                                                                                                                                                                                                  MD5:76C84B62982843367C5F5D41B550825F
                                                                                                                                                                                                                                                                  SHA1:B6DE9B9BD0E2C84398EA89365E9F6D744836E03A
                                                                                                                                                                                                                                                                  SHA-256:EBCD946F1C432F93F396498A05BF07CC77EE8A74CE9C1A283BF9E23CA8618A4C
                                                                                                                                                                                                                                                                  SHA-512:03F8BB1D0D63BF26D8A6FFF62E94B85FFB4EA1857EB216A4DEB71C806CDE107BA0F9CC7017E3779489C5CEF5F0838EDB1D70F710BCDEB629364FC288794E6AFE
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):35840
                                                                                                                                                                                                                                                                  Entropy (8bit):5.928082706906375
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:8bEkzS7+k9rMUb8cOe9rs9ja+V/Mhjh56GS:8bEP779rMtcOCs0I/Mhf
                                                                                                                                                                                                                                                                  MD5:B41160CF884B9E846B890E0645730834
                                                                                                                                                                                                                                                                  SHA1:A0F35613839A0F8F4A87506CD59200CCC3C09237
                                                                                                                                                                                                                                                                  SHA-256:48F296CCACE3878DE1148074510BD8D554A120CAFEF2D52C847E05EF7664FFC6
                                                                                                                                                                                                                                                                  SHA-512:F4D57351A627DD379D56C80DA035195292264F49DC94E597AA6638DF5F4CF69601F72CC64FC3C29C5CBE95D72326395C5C6F4938B7895C69A8D839654CFC8F26
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                                  Entropy (8bit):4.799063285091512
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:nkCfXASTMeAk4OepIXcADp/X6RcqgO5vE:ZJMcPepIXcAD563gO5vE
                                                                                                                                                                                                                                                                  MD5:BA46602B59FCF8B01ABB135F1534D618
                                                                                                                                                                                                                                                                  SHA1:EFF5608E05639A17B08DCA5F9317E138BEF347B5
                                                                                                                                                                                                                                                                  SHA-256:B1BAB0E04AC60D1E7917621B03A8C72D1ED1F0251334E9FA12A8A1AC1F516529
                                                                                                                                                                                                                                                                  SHA-512:A5E2771623DA697D8EA2E3212FBDDE4E19B4A12982A689D42B351B244EFBA7EFA158E2ED1A2B5BC426A6F143E7DB810BA5542017AB09B5912B3ECC091F705C6E
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):754688
                                                                                                                                                                                                                                                                  Entropy (8bit):7.624959985050181
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:I1UrmZ9HoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h9:gYmzHoxJFf1p34hcrn5Go9yQO6L
                                                                                                                                                                                                                                                                  MD5:3F20627FDED2CF90E366B48EDF031178
                                                                                                                                                                                                                                                                  SHA1:00CED7CD274EFB217975457906625B1B1DA9EBDF
                                                                                                                                                                                                                                                                  SHA-256:E36242855879D71AC57FBD42BB4AE29C6D80B056F57B18CEE0B6B1C0E8D2CF57
                                                                                                                                                                                                                                                                  SHA-512:05DE7C74592B925BB6D37528FC59452C152E0DCFC1D390EA1C48C057403A419E5BE40330B2C5D5657FEA91E05F6B96470DDDF9D84FF05B9FD4192F73D460093C
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):27648
                                                                                                                                                                                                                                                                  Entropy (8bit):5.792654050660321
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:hBwi/rOF26VZW1n0n/Is42g9qhrnW0mvPauYhz35sWJftjb1Ddsia15gkbQ0e1:/L/g28Ufsxg9GmvPauYLxtX1D/kf
                                                                                                                                                                                                                                                                  MD5:290D936C1E0544B6EC98F031C8C2E9A3
                                                                                                                                                                                                                                                                  SHA1:CAEEA607F2D9352DD605B6A5B13A0C0CB1EA26EC
                                                                                                                                                                                                                                                                  SHA-256:8B00C859E36CBCE3EC19F18FA35E3A29B79DE54DA6030AAAD220AD766EDCDF0A
                                                                                                                                                                                                                                                                  SHA-512:F08B67B633D3A3F57F1183950390A35BF73B384855EAAB3AE895101FBC07BCC4990886F8DE657635AD528D6C861BC2793999857472A5307FFAA963AA6685D7E8
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):67072
                                                                                                                                                                                                                                                                  Entropy (8bit):6.060461288575063
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:nqctkGACFI5t35q2JbL0UbkrwwOoKXyMH1B7M9rMdccdWxRLpq:nqctkGACFI5t35q2JbgrwwOoqLTM9rMh
                                                                                                                                                                                                                                                                  MD5:5782081B2A6F0A3C6B200869B89C7F7D
                                                                                                                                                                                                                                                                  SHA1:0D4E113FB52FE1923FE05CDF2AB9A4A9ABEFC42E
                                                                                                                                                                                                                                                                  SHA-256:E72E06C721DD617140EDEBADD866A91CF97F7215CBB732ECBEEA42C208931F49
                                                                                                                                                                                                                                                                  SHA-512:F7FD695E093EDE26FCFD0EE45ADB49D841538EB9DAAE5B0812F29F0C942FB13762E352C2255F5DB8911F10FA1B6749755B51AAE1C43D8DF06F1D10DE5E603706
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                  Entropy (8bit):4.488437566846231
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:tpVVdJvbrqTu6ZdpvY0IluLfcC75JiC4cs89EfqADwhDTAbcX6gn/7EC:5VddiT7pgTctdErDwDTicqgn/7
                                                                                                                                                                                                                                                                  MD5:289EBF8B1A4F3A12614CFA1399250D3A
                                                                                                                                                                                                                                                                  SHA1:66C05F77D814424B9509DD828111D93BC9FA9811
                                                                                                                                                                                                                                                                  SHA-256:79AC6F73C71CA8FDA442A42A116A34C62802F0F7E17729182899327971CFEB23
                                                                                                                                                                                                                                                                  SHA-512:4B95A210C9A4539332E2FB894D7DE4E1B34894876CCD06EEC5B0FC6F6E47DE75C0E298CF2F3B5832C9E028861A53B8C8E8A172A3BE3EC29A2C9E346642412138
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                                  Entropy (8bit):4.730605326965181
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:MJVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EVAElIijKDQGrbMZYJWJcX6gbW6s:CVddiT7pgTctEEaEDKDlMCWJcqgbW6
                                                                                                                                                                                                                                                                  MD5:4D9C33AE53B38A9494B6FBFA3491149E
                                                                                                                                                                                                                                                                  SHA1:1A069E277B7E90A3AB0DCDEE1FE244632C9C3BE4
                                                                                                                                                                                                                                                                  SHA-256:0828CAD4D742D97888D3DFCE59E82369317847651BBA0F166023CB8ACA790B2B
                                                                                                                                                                                                                                                                  SHA-512:BDFBF29198A0C7ED69204BF9E9B6174EBB9E3BEE297DD1EB8EB9EA6D7CAF1CC5E076F7B44893E58CCF3D0958F5E3BDEE12BD090714BEB5889836EE6F12F0F49E
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                                  Entropy (8bit):4.685843290341897
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:6ZVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EMz3DHWMoG4BcX6gbW6O:IVddiT7pgTctEEO3DLoHcqgbW6
                                                                                                                                                                                                                                                                  MD5:8F4313755F65509357E281744941BD36
                                                                                                                                                                                                                                                                  SHA1:2AAF3F89E56EC6731B2A5FA40A2FE69B751EAFC0
                                                                                                                                                                                                                                                                  SHA-256:70D90DDF87A9608699BE6BBEDF89AD469632FD0ADC20A69DA07618596D443639
                                                                                                                                                                                                                                                                  SHA-512:FED2B1007E31D73F18605FB164FEE5B46034155AB5BB7FE9B255241CFA75FF0E39749200EB47A9AB1380D9F36F51AFBA45490979AB7D112F4D673A0C67899EF4
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):119192
                                                                                                                                                                                                                                                                  Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                                                  MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                                                  SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                                                  SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                                                  SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):49528
                                                                                                                                                                                                                                                                  Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                                                  MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                                                  SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                                                  SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                                                  SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):71448
                                                                                                                                                                                                                                                                  Entropy (8bit):6.244468463173389
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:FRaPPkvNV036Fi9PQ1TUT8TIL11Miu0FIpOn27SyTxq:janCNV064YRUT8TIL11MV0FIpOn2S
                                                                                                                                                                                                                                                                  MD5:70FB0B118AC9FD3292DDE530E1D789B8
                                                                                                                                                                                                                                                                  SHA1:4ADC8D81E74FC04BCE64BAF4F6147078EEFBAB33
                                                                                                                                                                                                                                                                  SHA-256:F8305023F6AD81DDC7124B311E500A58914B05A9B072BF9A6D079EA0F6257793
                                                                                                                                                                                                                                                                  SHA-512:1AB72EA9F96C6153B9B5D82B01354381B04B93B7D58C0B54A441B6A748C81CCCD2FC27BB3B10350AB376FF5ADA9D83AF67CCE17E21CCBF25722BAF1F2AEF3C98
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):84760
                                                                                                                                                                                                                                                                  Entropy (8bit):6.58578024183428
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:ES7z7Sj2u5ia5ifC83zYLzbCK8CkotIpCVF7SyTUxIS:/7z+jw3MzCNCkotIpCVF+
                                                                                                                                                                                                                                                                  MD5:90F58F625A6655F80C35532A087A0319
                                                                                                                                                                                                                                                                  SHA1:D4A7834201BD796DC786B0EB923F8EC5D60F719B
                                                                                                                                                                                                                                                                  SHA-256:BD8621FCC901FA1DE3961D93184F61EA71068C436794AF2A4449738CCF949946
                                                                                                                                                                                                                                                                  SHA-512:B5BB1ECC195700AD7BEA5B025503EDD3770B1F845F9BEEE4B067235C4E63496D6E0B19BDD2A42A1B6591D1131A2DC9F627B2AE8036E294300BB6983ECD644DC8
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):182784
                                                                                                                                                                                                                                                                  Entropy (8bit):6.193615170968096
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:YRAMUp3K6YoDssyudy4VcRG+nR3hnW3mjwwOdkS9S7iSSTLkK/jftw3buz:Y6MyK65ssy+MG+LnSUwjD9zSSTLL/jl8
                                                                                                                                                                                                                                                                  MD5:0572B13646141D0B1A5718E35549577C
                                                                                                                                                                                                                                                                  SHA1:EEB40363C1F456C1C612D3C7E4923210EAE4CDF7
                                                                                                                                                                                                                                                                  SHA-256:D8A76D1E31BBD62A482DEA9115FC1A109CB39AF4CF6D1323409175F3C93113A7
                                                                                                                                                                                                                                                                  SHA-512:67C28432CA8B389ACC26E47EB8C4977FDDD4AF9214819F89DF07FECBC8ED750D5F35807A1B195508DD1D77E2A7A9D7265049DCFBFE7665A7FD1BA45DA1E4E842
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):125208
                                                                                                                                                                                                                                                                  Entropy (8bit):6.126925801052556
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:PGTMA4TPG40srrYLGNyf/ECZGKgyWLRECBIpLPIuE:Otgp0swLvf/EKCkE
                                                                                                                                                                                                                                                                  MD5:452305C8C5FDA12F082834C3120DB10A
                                                                                                                                                                                                                                                                  SHA1:9BAB7B3FD85B3C0F2BEDC3C5ADB68B2579DAA6E7
                                                                                                                                                                                                                                                                  SHA-256:543CE9D6DC3693362271A2C6E7D7FC07AD75327E0B0322301DD29886467B0B0E
                                                                                                                                                                                                                                                                  SHA-512:3D52AFDBC8DA74262475ABC8F81415A0C368BE70DBF5B2BD87C9C29CA3D14C44770A5B8B2E7C082F3ECE0FD2BA1F98348A04B106A48D479FA6BD062712BE8F7C
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):253208
                                                                                                                                                                                                                                                                  Entropy (8bit):6.560002521238215
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:kgd/2mZLgPFIY9qWM53pLW1AepppzoeteKU:JZLgPykeKU
                                                                                                                                                                                                                                                                  MD5:F78F9855D2A7CA940B6BE51D68B80BF2
                                                                                                                                                                                                                                                                  SHA1:FD8AF3DBD7B0EA3DE2274517C74186CB7CD81A05
                                                                                                                                                                                                                                                                  SHA-256:D4AE192BBD4627FC9487A2C1CD9869D1B461C20CFD338194E87F5CF882BBED12
                                                                                                                                                                                                                                                                  SHA-512:6B68C434A6F8C436D890D3C1229D332BD878E5777C421799F84D79679E998B95D2D4A013B09F50C5DE4C6A85FCCEB796F3C486E36A10CBAC509A0DA8D8102B18
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):65816
                                                                                                                                                                                                                                                                  Entropy (8bit):6.242721496157571
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:uElYij3wzR1lBafLEmIRhFIpOIi7SyHqxn:zYdBaTEmghFIpOIiu
                                                                                                                                                                                                                                                                  MD5:8BAEB2BD6E52BA38F445EF71EF43A6B8
                                                                                                                                                                                                                                                                  SHA1:4132F9CD06343EF8B5B60DC8A62BE049AA3270C2
                                                                                                                                                                                                                                                                  SHA-256:6C50C9801A5CAF0BB52B384F9A0D5A4AA182CA835F293A39E8999CF6EDF2F087
                                                                                                                                                                                                                                                                  SHA-512:804A4E19EA622646CEA9E0F8C1E284B7F2D02F3620199FA6930DBDADC654FA137C1E12757F87C3A1A71CEFF9244AA2F598EE70D345469CA32A0400563FE3AA65
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):159512
                                                                                                                                                                                                                                                                  Entropy (8bit):6.8453439550985475
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:kEVLLSVeexIDteznfV9mNoNMuX4mZp7zuNtIpZ1uV:kEVHbeye9YON1buNN
                                                                                                                                                                                                                                                                  MD5:CF8DE1137F36141AFD9FF7C52A3264EE
                                                                                                                                                                                                                                                                  SHA1:AFDE95A1D7A545D913387624EF48C60F23CF4A3F
                                                                                                                                                                                                                                                                  SHA-256:22D10E2D6AD3E3ED3C49EB79AB69A81AAA9D16AECA7F948DA2FE80877F106C16
                                                                                                                                                                                                                                                                  SHA-512:821985FF5BC421BD16B2FA5F77F1F4BF8472D0D1564BC5768E4DBE866EC52865A98356BB3EF23A380058ACD0A25CD5A40A1E0DAE479F15863E48C4482C89A03F
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):35096
                                                                                                                                                                                                                                                                  Entropy (8bit):6.462269556682856
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:sgYvrenSE0PcxxQ0zi+m1IpWtz5YiSyvyAMxkEs1:JYTQSCxQ0zlm1IpWt97Sy4xu
                                                                                                                                                                                                                                                                  MD5:C0A06AEBBD57D2420037162FA5A3142B
                                                                                                                                                                                                                                                                  SHA1:1D82BA750128EB51070CDEB0C69AC75117E53B43
                                                                                                                                                                                                                                                                  SHA-256:5673B594E70D1FDAAD3895FC8C3676252B7B675656FB88EF3410BC93BB0E7687
                                                                                                                                                                                                                                                                  SHA-512:DDF2C4D22B2371A8602601A05418EF712E03DEF66E2D8E8814853CDD989ED457EFBD6032F4A4A3E9ECCA9915D99C249DFD672670046461A9FE510A94DA085FBF
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):55576
                                                                                                                                                                                                                                                                  Entropy (8bit):6.34153194361025
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:3XRnts3McbN6w/xzWSsXZdR1r35IpXtW7Sy56xk3:HRvisXZdR1r5IpXtWz3
                                                                                                                                                                                                                                                                  MD5:54C021E10F9901BF782C24D648A82B96
                                                                                                                                                                                                                                                                  SHA1:CF173CC0A17308D7D87B62C1169B7B99655458BC
                                                                                                                                                                                                                                                                  SHA-256:2E53CC1BFA6E10A4DE7E1F4081C5B952746E2D4FA7F8B9929AD818CE20B2CC9F
                                                                                                                                                                                                                                                                  SHA-512:E451226ECE8C34C73E5B31E06FDC1D99E073E6E0651A0C5E04B0CF011E79D0747DA7A5B6C5E94ACA44CFCEB9E85CE3D85AFFF081A574D1F53F115E39E9D4FF6C
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):32536
                                                                                                                                                                                                                                                                  Entropy (8bit):6.46409711645548
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:0k+Eq6rf65MoJ/MBIpQUh5YiSyv/AMxkEG:55fhoJEBIpQUP7SynxC
                                                                                                                                                                                                                                                                  MD5:5AA4B057BA2331EED6B4B30F4B3E0D52
                                                                                                                                                                                                                                                                  SHA1:6B9DB113C2882743984C3D8B70EC49FC4A136C23
                                                                                                                                                                                                                                                                  SHA-256:D43DCA0E00C3C11329B68177E967CF5240495C4786F5AFA76AC4F267C3A5CDB9
                                                                                                                                                                                                                                                                  SHA-512:AA5AA3285EA5C177ECA055949C5F550DBD2D2699202A29EFE2077213CBC95FFF2A36D99EECCE249AC04D95BAF149B3D8C557A67FC39EAD3229F0B329E83447B7
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):83224
                                                                                                                                                                                                                                                                  Entropy (8bit):6.336611500173631
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:MUuhDLiJvz76Hl+ZWly+uC69/s+S+pzcHst8/n1IsJHO7sBIpLwfB7SysaZx7:MU6DL4vHAy+uC69/sT+pzus81IwHO7sl
                                                                                                                                                                                                                                                                  MD5:439B3AD279BEFA65BB40ECEBDDD6228B
                                                                                                                                                                                                                                                                  SHA1:D3EA91AE7CAD9E1EBEC11C5D0517132BBC14491E
                                                                                                                                                                                                                                                                  SHA-256:24017D664AF20EE3B89514539345CAAC83ECA34825FCF066A23E8A4C99F73E6D
                                                                                                                                                                                                                                                                  SHA-512:A335E1963BB21B34B21AEF6B0B14BA8908A5343B88F65294618E029E3D4D0143EA978A5FD76D2DF13A918FFAB1E2D7143F5A1A91A35E0CC1145809B15AF273BD
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):124696
                                                                                                                                                                                                                                                                  Entropy (8bit):6.265014849176247
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:YPfqZRAWgyjwjCO4w5ySDUfUK8PFIpOQGJ:RAWgKwGC5bSUvj
                                                                                                                                                                                                                                                                  MD5:DE8B1C6DF3ED65D3C96C7C30E0A52262
                                                                                                                                                                                                                                                                  SHA1:8DD69E3506C047B43D7C80CDB38A73A44FD9D727
                                                                                                                                                                                                                                                                  SHA-256:F3CA1D6B1AB8BB8D6F35A24FC602165E6995E371226E98FFEEED2EEEC253C9DF
                                                                                                                                                                                                                                                                  SHA-512:A532EF79623BEB1195F20537B3C2288A6B922F8E9B6D171EF96090E4CC00E754A129754C19F4D9D5E4B701BCFF59E63779656AA559D117EF10590CFAFC7404BB
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):177432
                                                                                                                                                                                                                                                                  Entropy (8bit):5.976278188413444
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:ECRW4ljuyKK8vZktW5NP6Xf9N54eNWXvM4VRJNI7IM/cbP7RHs3FJZtIpC7f6:EmfEyKKaZP6Xf92MSV+JZM
                                                                                                                                                                                                                                                                  MD5:6774D6FB8B9E7025254148DC32C49F47
                                                                                                                                                                                                                                                                  SHA1:212E232DA95EC8473EB0304CF89A5BAF29020137
                                                                                                                                                                                                                                                                  SHA-256:2B6F1B1AC47CB7878B62E8D6BB587052F86CA8145B05A261E855305B9CA3D36C
                                                                                                                                                                                                                                                                  SHA-512:5D9247DCE96599160045962AF86FC9E5439F66A7E8D15D1D00726EC1B3B49D9DD172D667380D644D05CB18E45A5419C2594B4BCF5A16EA01542AE4D7D9A05C6E
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):36632
                                                                                                                                                                                                                                                                  Entropy (8bit):6.358330339853201
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:6RxnHG7MYGQd0fmdzA77yeutIpCiq5YiSyvtGAMxkENy:6Rxnm7M6dKmdzA77yeutIpCio7SyCxZy
                                                                                                                                                                                                                                                                  MD5:CB0564BC74258CB1320C606917CE5A71
                                                                                                                                                                                                                                                                  SHA1:5B2BFC0D997CC5B7D985BFADDDBFC180CB01F7CF
                                                                                                                                                                                                                                                                  SHA-256:0342916A60A7B39BBD5753D85E1C12A4D6F990499753D467018B21CEFA49CF32
                                                                                                                                                                                                                                                                  SHA-512:43F3AFA9801FCF5574A30F4D3E7AE6AFF65C7716462F9ABA5BC8055887A44BF38FBA121639D8B31427E738752FE3B085D1D924DE2633F4C042433E1960023F38
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):1332005
                                                                                                                                                                                                                                                                  Entropy (8bit):5.586288557050693
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:uttcY+bStOmgRF1+fYNXPh26UZWAzCu7joqYnhjHgkVHdmmPnHz1d1YgCCaYcet:uttcY+UHCiCAd+cqHdmmPHzqEaYcet
                                                                                                                                                                                                                                                                  MD5:CCEE0EA5BA04AA4FCB1D5A19E976B54F
                                                                                                                                                                                                                                                                  SHA1:F7A31B2223F1579DA1418F8BFE679AD5CB8A58F5
                                                                                                                                                                                                                                                                  SHA-256:EEB7F0B3E56B03454868411D5F62F23C1832C27270CEE551B9CA7D9D10106B29
                                                                                                                                                                                                                                                                  SHA-512:4F29AC5DF211FEF941BD953C2D34CB0C769FB78475494746CB584790D9497C02BE35322B0C8F5C14FE88D4DD722733EDA12496DB7A1200224A014043F7D59166
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):290282
                                                                                                                                                                                                                                                                  Entropy (8bit):6.048183244201235
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:QW1H/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5Np:QWN/TRJLWURrI55MWavdF0L
                                                                                                                                                                                                                                                                  MD5:302B49C5F476C0AE35571430BB2E4AA0
                                                                                                                                                                                                                                                                  SHA1:35A7837A3F1B960807BF46B1C95EC22792262846
                                                                                                                                                                                                                                                                  SHA-256:CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
                                                                                                                                                                                                                                                                  SHA-512:1345AF52984B570B1FF223032575FEB36CDFB4F38E75E0BD3B998BC46E9C646F7AC5C583D23A70460219299B9C04875EF672BF5A0D614618731DF9B7A5637D0A
                                                                                                                                                                                                                                                                  Malicious:false
Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                  Entropy (8bit):4.674392865869017
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                                                                                                                                                                                                                                  MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                                                                                                                                                                                                                                  SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                                                                                                                                                                                                                                  SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                                                                                                                                                                                                                                  SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):122880
                                                                                                                                                                                                                                                                  Entropy (8bit):5.917175475547778
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                                                                                                                                  MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                                                                                                                                  SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                                                                                                                                  SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                                                                                                                                  SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:pip.
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):197
                                                                                                                                                                                                                                                                  Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                                                  MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                                                  SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                                                  SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                                                  SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):11360
                                                                                                                                                                                                                                                                  Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                                                  MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                                                  SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                                                  SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                                                  SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):1532
                                                                                                                                                                                                                                                                  Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                                                  MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                                                  SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                                                  SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                                                  SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):5292
                                                                                                                                                                                                                                                                  Entropy (8bit):5.115440205505611
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:DxapqZink/QIHQIyzQIZQILuQIR8vtklGovxNx6sWwCvCCcTKvIrrg9BMM6VwDjz:sJnkoBs/sqLz8cTKvIrrUiM6VwDjyeWs
                                                                                                                                                                                                                                                                  MD5:137D13F917D94C83137A0FA5AE12B467
                                                                                                                                                                                                                                                                  SHA1:01E93402C225BF2A4EE59F9A06F8062CB5E4801E
                                                                                                                                                                                                                                                                  SHA-256:36738E6971D2F20DB78433185A0EF7912A48544AA6FF7006505A7DC785158859
                                                                                                                                                                                                                                                                  SHA-512:1B22CBC6E22FA5E2BD5CC4A370443A342D00E7DD53330A4000E9A680DE80262BCA7188764E3568944D01025188291602AC8C53C971630984FBD9FA7D75AAB124
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.1..Name: cryptography..Version: 41.0.7..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):15334
                                                                                                                                                                                                                                                                  Entropy (8bit):5.552806309785179
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:3X62U/ZfaigdSwJN5i6s7B0Ppzx6uvndLE4:3NUxfzgFthE4
                                                                                                                                                                                                                                                                  MD5:D88787EC6163B4F45579EA7CF7F56044
                                                                                                                                                                                                                                                                  SHA1:B241754AF16F5B2523DE1D07520DADB5ABA559BA
                                                                                                                                                                                                                                                                  SHA-256:E5265DE4206BAB1FB0C96212067AA1EB479C85AB0495B915938DDB365B0C948D
                                                                                                                                                                                                                                                                  SHA-512:F4F1C213458AC42A3417A870F7C6D2A125950F588C76F8A83D605242ABBDBCC2CBE70CA49A700710AA23AC143F2702963DEA48043C5CA86FBF0D3CE07126C696
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:cryptography-41.0.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-41.0.7.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-41.0.7.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-41.0.7.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-41.0.7.dist-info/METADATA,sha256=NnOOaXHS8g23hDMYWg73kSpIVEqm_3AGUFp9x4UViFk,5292..cryptography-41.0.7.dist-info/RECORD,,..cryptography-41.0.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-41.0.7.dist-info/WHEEL,sha256=-EX5DQzNGQEoyL99Q-0P0-D-CXbfqafenaAeiSQ_Ufk,100..cryptography-41.0.7.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=uPXMbbcptt7EzZ_jllGRx0pVdMn-NBsAM4L74hOv-b0,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/_
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):100
                                                                                                                                                                                                                                                                  Entropy (8bit):5.0203365408149025
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:RtEeX7MWcSlVlbY3KgP+tkKc/SKQLn:RtBMwlVCxWKxDQLn
                                                                                                                                                                                                                                                                  MD5:4B432A99682DE414B29A683A3546B69F
                                                                                                                                                                                                                                                                  SHA1:F59C5016889EE5E9F62D09B22AEFBC2211A56C93
                                                                                                                                                                                                                                                                  SHA-256:F845F90D0CCD190128C8BF7D43ED0FD3E0FE0976DFA9A7DE9DA01E89243F51F9
                                                                                                                                                                                                                                                                  SHA-512:CBBF10E19B6F4072C416EA95D7AE259B9C5A1B89068B7B6660B7C637D6F2437AEA8D8202A2E26A0BEC36DAECD8BBB6B59016FC2DDEB13C545F0868B3E15479CA
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.42.0).Root-Is-Purelib: false.Tag: cp37-abi3-win_amd64..
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                                                                                                  Entropy (8bit):3.2389012566026314
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:cOv:Nv
                                                                                                                                                                                                                                                                  MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                                                                                                                  SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                                                                                                                  SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                                                                                                                  SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:cryptography.
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):6673920
                                                                                                                                                                                                                                                                  Entropy (8bit):6.582002531606852
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
                                                                                                                                                                                                                                                                  MD5:486085AAC7BB246A173CEEA0879230AF
                                                                                                                                                                                                                                                                  SHA1:EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
                                                                                                                                                                                                                                                                  SHA-256:C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
                                                                                                                                                                                                                                                                  SHA-512:8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):5162776
                                                                                                                                                                                                                                                                  Entropy (8bit):5.958207976652471
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:98304:S3+FRtLtlVriXpshX179Cahd4tC9P1+1CPwDvt3uFlDCi:ASRtLtvd99Cahd4tC9w1CPwDvt3uFlDz
                                                                                                                                                                                                                                                                  MD5:51E8A5281C2092E45D8C97FBDBF39560
                                                                                                                                                                                                                                                                  SHA1:C499C810ED83AAADCE3B267807E593EC6B121211
                                                                                                                                                                                                                                                                  SHA-256:2A234B5AA20C3FAECF725BBB54FB33F3D94543F78FA7045408E905593E49960A
                                                                                                                                                                                                                                                                  SHA-512:98B91719B0975CB38D3B3C7B6F820D184EF1B64D38AD8515BE0B8B07730E2272376B9E51631FE9EFD9B8A1709FEA214CF3F77B34EEB9FD282EB09E395120E7CB
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):39696
                                                                                                                                                                                                                                                                  Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                                                  MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                                                  SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                                                  SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                                                  SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):790296
                                                                                                                                                                                                                                                                  Entropy (8bit):5.607732992846443
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:7aO1lo7USZGjweMMHO4+xuVg7gCl2VdhMd1DdwMVn4TERUr3zgKpJJ/wknofFe9A:FkeMKOr97gCAE35gEGzLpwknofFe9XbE
                                                                                                                                                                                                                                                                  MD5:BFC834BB2310DDF01BE9AD9CFF7C2A41
                                                                                                                                                                                                                                                                  SHA1:FB1D601B4FCB29FF1B13B0D2ED7119BD0472205C
                                                                                                                                                                                                                                                                  SHA-256:41AD1A04CA27A7959579E87FBBDA87C93099616A64A0E66260C983381C5570D1
                                                                                                                                                                                                                                                                  SHA-512:6AF473C7C0997F2847EBE7CEE8EF67CD682DEE41720D4F268964330B449BA71398FDA8954524F9A97CC4CDF9893B8BDC7A1CF40E9E45A73F4F35A37F31C6A9C3
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):199448
                                                                                                                                                                                                                                                                  Entropy (8bit):6.385306498353421
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:jJB/b2LOWs5LS04q1uqtF+ai7dYbmdRLjDxKyw6XUWdRBIpLhCujk:dB6yx5LT1gqtF+XGeL/xiBoR4g
                                                                                                                                                                                                                                                                  MD5:E2D1C738D6D24A6DD86247D105318576
                                                                                                                                                                                                                                                                  SHA1:384198F20724E4EDE9E7B68E2D50883C664EEE49
                                                                                                                                                                                                                                                                  SHA-256:CDC09FBAE2F103196215FACD50D108BE3EFF60C8EE5795DCC80BF57A0F120CDF
                                                                                                                                                                                                                                                                  SHA-512:3F9CB64B4456438DEA82A0638E977F233FAF0A08433F01CA87BA65C7E80B0680B0EC3009FA146F02AE1FDCC56271A66D99855D222E77B59A1713CAF952A807DA
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):68376
                                                                                                                                                                                                                                                                  Entropy (8bit):6.148687003588085
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:/BV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM8:pDmF61JFn+/OJBIpL0j7Sy5xH
                                                                                                                                                                                                                                                                  MD5:4038AF0427BCE296CA8F3E98591E0723
                                                                                                                                                                                                                                                                  SHA1:B2975225721959D87996454D049E6D878994CBF2
                                                                                                                                                                                                                                                                  SHA-256:A5BB3EB6FDFD23E0D8B2E4BCCD6016290C013389E06DAAE6CB83964FA69E2A4F
                                                                                                                                                                                                                                                                  SHA-512:DB762442C6355512625B36F112ECA6923875D10AAF6476D79DC6F6FFC9114E8C7757AC91DBCD1FB00014122BC7F656115160CF5D62FA7FA1BA70BC71346C1AD3
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):7003928
                                                                                                                                                                                                                                                                  Entropy (8bit):5.780799677504345
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:98304:2OUmnjqB6bHMYM3RNgqKutvDHDMiEtYkzuv:2OUmn+MnM3R+qYi3kzuv
                                                                                                                                                                                                                                                                  MD5:48EBFEFA21B480A9B0DBFC3364E1D066
                                                                                                                                                                                                                                                                  SHA1:B44A3A9B8C585B30897DDC2E4249DFCFD07B700A
                                                                                                                                                                                                                                                                  SHA-256:0CC4E557972488EB99EA4AEB3D29F3ADE974EF3BCD47C211911489A189A0B6F2
                                                                                                                                                                                                                                                                  SHA-512:4E6194F1C55B82EE41743B35D749F5D92A955B219DECACF9F1396D983E0F92AE02089C7F84A2B8296A3062AFA3F9C220DA9B7CD9ED01B3315EA4A953B4ECC6CE
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):134656
                                                                                                                                                                                                                                                                  Entropy (8bit):5.9953900911096785
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:Yuh2G0a2fYrFceQaVK756Y/r06trvoEKQAe7KL8KJKVKGajt4:Yuh2faiYrFceQaVfY/rxTBAe7KwKwVrE
                                                                                                                                                                                                                                                                  MD5:26D752C8896B324FFD12827A5E4B2808
                                                                                                                                                                                                                                                                  SHA1:447979FA03F78CB7210A4E4BA365085AB2F42C22
                                                                                                                                                                                                                                                                  SHA-256:BD33548DBDBB178873BE92901B282BAD9C6817E3EAC154CA50A666D5753FD7EC
                                                                                                                                                                                                                                                                  SHA-512:99C87AB9920E79A03169B29A2F838D568CA4D4056B54A67BC51CAF5C0FF5A4897ED02533BA504F884C6F983EBC400743E6AD52AC451821385B1E25C3B1EBCEE0
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):30488
                                                                                                                                                                                                                                                                  Entropy (8bit):6.584443317757654
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:OyLTFInPLnIloHqP3DT90IBIpQG28HQIYiSy1pCQ5mrUAM+o/8E9VF0NyOYl:hinzfHqv1rBIpQG/5YiSyvkrUAMxkErl
                                                                                                                                                                                                                                                                  MD5:E1604AFE8244E1CE4C316C64EA3AA173
                                                                                                                                                                                                                                                                  SHA1:99704D2C0FA2687997381B65FF3B1B7194220A73
                                                                                                                                                                                                                                                                  SHA-256:74CCA85600E7C17EA6532B54842E26D3CAE9181287CDF5A4A3C50AF4DAB785E5
                                                                                                                                                                                                                                                                  SHA-512:7BF35B1A9DA9F1660F238C2959B3693B7D9D2DA40CF42C6F9EBA2164B73047340D0ADFF8995049A2FE14E149EBA05A5974EEE153BADD9E8450F961207F0B3D42
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):1500440
                                                                                                                                                                                                                                                                  Entropy (8bit):6.5886408023548295
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:24576:ATqtyGkxOc+wv05tP5kf82Hr/74YPF5o/P/gnAracr7/24UcypY7w0vpZUFq++I:nk0jwv4tP5kf8ar/74EF2/An4acrVUc2
                                                                                                                                                                                                                                                                  MD5:31CD2695493E9B0669D7361D92D46D94
                                                                                                                                                                                                                                                                  SHA1:19C1BC5C3856665ECA5390A2F9CD59B564C0139B
                                                                                                                                                                                                                                                                  SHA-256:17D547994008F1626BE2877497912687CB3EBD9A407396804310FD12C85AEAD4
                                                                                                                                                                                                                                                                  SHA-512:9DD8D1B900999E8CEA91F3D5F3F72D510F9CC28D7C6768A4046A9D2AA9E78A6ACE1248EC9574F5F6E53A6F1BDBFDF153D9BF73DBA05788625B03398716C87E1C
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):1137944
                                                                                                                                                                                                                                                                  Entropy (8bit):5.4622357236004175
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:PrEHdcM6hb1CjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciA0:PrEXQCjfk7bPNfv42BN6yzUiA0
                                                                                                                                                                                                                                                                  MD5:FC47B9E23DDF2C128E3569A622868DBE
                                                                                                                                                                                                                                                                  SHA1:2814643B70847B496CBDA990F6442D8FF4F0CB09
                                                                                                                                                                                                                                                                  SHA-256:2A50D629895A05B10A262ACF333E7A4A31DB5CB035B70D14D1A4BE1C3E27D309
                                                                                                                                                                                                                                                                  SHA-512:7C08683820498FDFF5F1703DB4AD94AD15F2AA877D044EDDC4B54D90E7DC162F48B22828CD577C9BB1B56F7C11F777F9785A9DA1867BF8C0F2B6E75DC57C3F53
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):133632
                                                                                                                                                                                                                                                                  Entropy (8bit):5.851293297484796
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:bPwB2zC1vwC3XetCf5RlRVFhLaNKPRyymoh5Lm9b0e:bIB2zkvwGXetCfDlRVlPRy85Lm9
                                                                                                                                                                                                                                                                  MD5:3A80FEA23A007B42CEF8E375FC73AD40
                                                                                                                                                                                                                                                                  SHA1:04319F7552EA968E2421C3936C3A9EE6F9CF30B2
                                                                                                                                                                                                                                                                  SHA-256:B70D69D25204381F19378E1BB35CC2B8C8430AA80A983F8D0E8E837050BB06EF
                                                                                                                                                                                                                                                                  SHA-512:A63BED03F05396B967858902E922B2FBFB4CF517712F91CFAA096FF0539CF300D6B9C659FFEE6BF11C28E79E23115FD6B9C0B1AA95DB1CBD4843487F060CCF40
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):123904
                                                                                                                                                                                                                                                                  Entropy (8bit):5.966619585818369
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:07jbPA0SD9S3vrCqf93qMHxCjdLZn1Ya:07jtS9SfuCRCjFV
                                                                                                                                                                                                                                                                  MD5:47C91C74BB2C5CF696626AF04F3705AB
                                                                                                                                                                                                                                                                  SHA1:C086BC2825969756169FAB7DD2E560D360E1E09C
                                                                                                                                                                                                                                                                  SHA-256:F6EAD250FC2DE4330BD26079A44DED7F55172E05A70E28AD85D09E7881725155
                                                                                                                                                                                                                                                                  SHA-512:E6B6A4425B3E30CEA7BF8B09971FA0C84D6317B1A37BC1518266DC8D72C166099A8FC40A9B985300901BD921E444FF438FD30B814C1F1C6A051DF3471615C2BD
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                  File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):227848
                                                                                                                                                                                                                                                                  Entropy (8bit):7.888504480295891
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:Yq8hjpr1whZMghazUzMlFAhf5lPNJwgFbhZpc31+Lpz7dm1lX4qd8:EpxAazGMlMDNh17ila5m1F4qd8
                                                                                                                                                                                                                                                                  MD5:117021B92FDF639FD02980A40A885FB4
                                                                                                                                                                                                                                                                  SHA1:F9C1F66AA5BD68DD39B3409B08331EEEBFF6231A
                                                                                                                                                                                                                                                                  SHA-256:61D4D061E6B95F01962B142EFCFD2E528C42A13E245883CE81FAECA807054F1C
                                                                                                                                                                                                                                                                  SHA-512:0AF67A0436A50ACE11D42DF167D9A52C7CF77ABDD8FC86F139D480D98E0DC84BADDA19C8819F153DAEA924A99FC99E6595D1C0DE225E272EE3C9BD4BC332ED56
                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                                  Entropy (8bit):2.0
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:qn:qn
                                                                                                                                                                                                                                                                  MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                                                                                  SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                                                                                  SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                                                                                  SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:blat
                                                                                                                                                                                                                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Entropy (8bit):7.982294171465986
                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                  • Win64 Executable GUI (202006/5) 77.37%
                                                                                                                                                                                                                                                                  • InstallShield setup (43055/19) 16.49%
                                                                                                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                                                                                                                                  File name:MkWMm5piE5.exe
                                                                                                                                                                                                                                                                  File size:17'155'097 bytes
                                                                                                                                                                                                                                                                  MD5:05d551d9e91e59cfa28c7d7b2a5e2374
                                                                                                                                                                                                                                                                  SHA1:b9d58e533693c1936dc515d9c0400ca36dc0c049
                                                                                                                                                                                                                                                                  SHA256:2daa3a1b14af19d4daf3a60a493d2613b87eba00e13b21e1b12dcea681b3dc80
                                                                                                                                                                                                                                                                  SHA512:6d17f061a889fb92a6b65f7387713248a4f543c8a3c1fd9c7b57ebd05fe78bc2f6a977819632a9a0e0d1a79f7451f084cf71db3a3d5dbc44296c68f71bcb9161
                                                                                                                                                                                                                                                                  SSDEEP:393216:6EkMDVntpUTLfhJsW+eGQRCMTozGxu8C0ibfz6e57c1c0XiWCN:6UDlHUTLJSW+e5RLoztZ026e5SuVN
                                                                                                                                                                                                                                                                  TLSH:C9072391361851C6F6BDC432B10BE13166687CB79B62A13E71B6E36609E33510D2FE3E
                                                                                                                                                                                                                                                                  Icon Hash:6c0c0666465b5bb6
                                                                                                                                                                                                                                                                  Entrypoint:0x14000c1f0
                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                  Time Stamp:0x65B45843 [Sat Jan 27 01:11:31 2024 UTC]
                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                                                                                  OS Version Minor:2
                                                                                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                                                                                  File Version Minor:2
Subsystem Version Major:5
Subsystem Version Minor:2
Import Hash:1af6c885af093afc55142c2f1761dbe8
Instruction
dec eax
sub esp, 28h
call 00007FCCF91FFB4Ch
dec eax
add esp, 28h
jmp 00007FCCF91FF75Fh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
sub esp, 28h
call 00007FCCF92000C4h
test eax, eax
je 00007FCCF91FF903h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007FCCF91FF8E7h
dec eax
cmp ecx, eax
je 00007FCCF91FF8F6h
xor eax, eax
dec eax
cmpxchg dword ptr [0003427Ch], ecx
jne 00007FCCF91FF8D0h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007FCCF91FF8D9h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
movzx eax, byte ptr [00034267h]
test ecx, ecx
mov ebx, 00000001h
cmove eax, ebx
mov byte ptr [00034257h], al
call 00007FCCF91FFEC3h
call 00007FCCF9200FE2h
test al, al
jne 00007FCCF91FF8E6h
xor al, al
jmp 00007FCCF91FF8F6h
call 00007FCCF920DF81h
test al, al
jne 00007FCCF91FF8EBh
xor ecx, ecx
call 00007FCCF9200FF2h
jmp 00007FCCF91FF8CCh
mov al, bl
dec eax
add esp, 20h
pop ebx
ret
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [0003421Ch], 00000000h
mov ebx, ecx
jne 00007FCCF91FF949h
cmp ecx, 01h
jnbe 00007FCCF91FF94Ch
call 00007FCCF920002Ah
test eax, eax
je 00007FCCF91FF90Ah
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3cdcc | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0x896c0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x42000 | 0x22a4 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd0000 | 0x75c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a330 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a1f0 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x420 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x29c90 | 0x29e00 | 62616acf257019688180f494b4eb78d4 | False | 0.5523087686567164 | data | 6.4831047330596565 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2b000 | 0x12bf4 | 0x12c00 | 1e9740a59f029cb6742aad64a6a1e5ac | False | 0.5184375 | data | 5.835006666762151 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x3338 | 0xe00 | 99d84572872f2ce8d9bdbc2521e1966e | False | 0.1328125 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, text, rows 4294967295, columns 0 | 1.8271683819747706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x42000 | 0x22a4 | 0x2400 | 39f0a7d8241a665fc55289b5f9977819 | False | 0.4720052083333333 | data | 5.316391891279308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0x45000 | 0x15c | 0x200 | 624222957a635749731104f8cdf6f9b7 | False | 0.38671875 | data | 2.83326547900447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x46000 | 0x896c0 | 0x89800 | b55f6f17155d765db323eef7bdbca050 | False | 0.11222833806818182 | data | 5.920015077844823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xd0000 | 0x75c | 0x800 | 4138d4447f190c2657ec208ef31be551 | False | 0.5458984375 | data | 5.240127521097618 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x46448 | 0xa068 | Device independent bitmap graphic, 256 x 512 x 4, image size 32768 | | | 0.1660091564387298
RT_ICON | 0x504b0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | | | 0.2890243902439024
RT_ICON | 0x50b18 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | | | 0.3709677419354839
RT_ICON | 0x50e00 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | | | 0.430327868852459
RT_ICON | 0x50fe8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | | | 0.46959459459459457
RT_ICON | 0x51110 | 0x12428 | Device independent bitmap graphic, 256 x 512 x 8, image size 65536, 256 important colors | | | 0.11998609476949407
RT_ICON | 0x63538 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | | | 0.2593283582089552
RT_ICON | 0x643e0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | | | 0.3046028880866426
RT_ICON | 0x64c88 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | | | 0.3323732718894009
RT_ICON | 0x65350 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | | | 0.2861271676300578
RT_ICON | 0x658b8 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | | | 0.05777509838151315
RT_ICON | 0xa78e0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.10018632438187626
RT_ICON | 0xb8108 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.17765923901618666
RT_ICON | 0xc15b0 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | | | 0.21035120147874306
RT_ICON | 0xc6a38 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.18469532357109117
RT_ICON | 0xcac60 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.3046680497925311
RT_ICON | 0xcd208 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.3808630393996248
RT_ICON | 0xce2b0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.5151639344262295
RT_ICON | 0xcec38 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.6622340425531915
RT_GROUP_ICON | 0xcf0a0 | 0x110 | data | | | 0.5919117647058824
RT_MANIFEST | 0xcf1b0 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 9, 2024 10:07:33.962136030 CET | 49708 | 443 | 192.168.2.8 | 82.180.136.22
Dec 9, 2024 10:07:33.962181091 CET | 443 | 49708 | 82.180.136.22 | 192.168.2.8
Dec 9, 2024 10:07:33.962253094 CET | 49708 | 443 | 192.168.2.8 | 82.180.136.22
Dec 9, 2024 10:07:35.407280922 CET | 49708 | 443 | 192.168.2.8 | 82.180.136.22
Dec 9, 2024 10:07:35.407299995 CET | 443 | 49708 | 82.180.136.22 | 192.168.2.8
Dec 9, 2024 10:08:19.424453020 CET | 443 | 49708 | 82.180.136.22 | 192.168.2.8
Dec 9, 2024 10:08:19.424592018 CET | 49708 | 443 | 192.168.2.8 | 82.180.136.22
Dec 9, 2024 10:08:19.424869061 CET | 49708 | 443 | 192.168.2.8 | 82.180.136.22
Dec 9, 2024 10:08:19.424885035 CET | 443 | 49708 | 82.180.136.22 | 192.168.2.8
Dec 9, 2024 10:08:20.017153978 CET | 49710 | 443 | 192.168.2.8 | 34.224.200.202
Dec 9, 2024 10:08:20.017199039 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.8
Dec 9, 2024 10:08:20.017272949 CET | 49710 | 443 | 192.168.2.8 | 34.224.200.202
Dec 9, 2024 10:08:20.839433908 CET | 49710 | 443 | 192.168.2.8 | 34.224.200.202
Dec 9, 2024 10:08:20.839468956 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.8
Dec 9, 2024 10:08:22.574275970 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.8
Dec 9, 2024 10:08:22.574985981 CET | 49710 | 443 | 192.168.2.8 | 34.224.200.202
Dec 9, 2024 10:08:22.575009108 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.8
Dec 9, 2024 10:08:22.576041937 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.8
Dec 9, 2024 10:08:22.576122999 CET | 49710 | 443 | 192.168.2.8 | 34.224.200.202
Dec 9, 2024 10:08:22.577541113 CET | 49710 | 443 | 192.168.2.8 | 34.224.200.202
Dec 9, 2024 10:08:22.577687025 CET | 49710 | 443 | 192.168.2.8 | 34.224.200.202

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 9, 2024 10:07:33.748636961 CET | 60962 | 53 | 192.168.2.8 | 1.1.1.1
Dec 9, 2024 10:07:33.892524958 CET | 53 | 60962 | 1.1.1.1 | 192.168.2.8
Dec 9, 2024 10:08:19.698040962 CET | 62151 | 53 | 192.168.2.8 | 1.1.1.1
Dec 9, 2024 10:08:20.002413034 CET | 53 | 62151 | 1.1.1.1 | 192.168.2.8

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 9, 2024 10:07:33.748636961 CET | 192.168.2.8 | 1.1.1.1 | 0xcab4 | Standard query (0) | busquedasxurl.com | A (IP address) | IN (0x0001) | false
Dec 9, 2024 10:08:19.698040962 CET | 192.168.2.8 | 1.1.1.1 | 0x2d28 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 9, 2024 10:07:33.892524958 CET | 1.1.1.1 | 192.168.2.8 | 0xcab4 | No error (0) | busquedasxurl.com | | 82.180.136.22 | A (IP address) | IN (0x0001) | false
Dec 9, 2024 10:08:20.002413034 CET | 1.1.1.1 | 192.168.2.8 | 0x2d28 | No error (0) | httpbin.org | | 34.224.200.202 | A (IP address) | IN (0x0001) | false
Dec 9, 2024 10:08:20.002413034 CET | 1.1.1.1 | 192.168.2.8 | 0x2d28 | No error (0) | httpbin.org | | 44.196.3.45 | A (IP address) | IN (0x0001) | false

Target ID: 0
Start time: 04:07:14
Start date: 09/12/2024
Path: C:\Users\user\Desktop\MkWMm5piE5.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\MkWMm5piE5.exe"
Imagebase: 0x7ff6331d0000
File size: 17'155'097 bytes
MD5 hash: 05D551D9E91E59CFA28C7D7B2A5E2374
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 04:07:16
Start date: 09/12/2024
Path: C:\Users\user\Desktop\MkWMm5piE5.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\MkWMm5piE5.exe"
Imagebase: 0x7ff6331d0000
File size: 17'155'097 bytes
MD5 hash: 05D551D9E91E59CFA28C7D7B2A5E2374
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 3
Start time: 04:07:18
Start date: 09/12/2024
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): false
Commandline: powershell -Command " Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height $graphics = [System.Drawing.Graphics]::FromImage($bitmap) $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size) $bitmap.Save(\"C:\Users\user\AppData\Local\Temp\desktop_screenshot.png\") "
Imagebase: 0x7ff6cb6b0000
File size: 452'608 bytes
MD5 hash: 04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                                  Start time:04:07:18
                                                                                                                                                                                                                                                                  Start date:09/12/2024
                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                    Execution Coverage:9.6%
                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                    Signature Coverage:18.5%
                                                                                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                                                                                    Total number of Limit Nodes:26
7ff6331efc00 _fread_nolock MultiByteToWideChar 18952->18954 18956 7ff6331f9579 18952->18956 18953->18952 18955 7ff6331f9560 GetCPInfo 18953->18955 18953->18956 18957 7ff6331f960d 18954->18957 18955->18952 18955->18956 18956->18950 18957->18956 18958 7ff6331edbbc _fread_nolock 12 API calls 18957->18958 18959 7ff6331f9644 18957->18959 18958->18959 18959->18956 18960 7ff6331efc00 _fread_nolock MultiByteToWideChar 18959->18960 18961 7ff6331f96b2 18960->18961 18962 7ff6331f9794 18961->18962 18963 7ff6331efc00 _fread_nolock MultiByteToWideChar 18961->18963 18962->18956 18964 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18962->18964 18965 7ff6331f96d8 18963->18965 18964->18956 18965->18962 18966 7ff6331edbbc _fread_nolock 12 API calls 18965->18966 18967 7ff6331f9705 18965->18967 18966->18967 18967->18962 18968 7ff6331efc00 _fread_nolock MultiByteToWideChar 18967->18968 18969 7ff6331f977c 18968->18969 18970 7ff6331f9782 18969->18970 18971 7ff6331f979c 18969->18971 18970->18962 18973 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18970->18973 18978 7ff6331ef428 18971->18978 18973->18962 18975 7ff6331f97db 18975->18956 18977 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18975->18977 18976 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18976->18975 18977->18956 18979 7ff6331ef1d0 __crtLCMapStringW 5 API calls 18978->18979 18980 7ff6331ef466 18979->18980 18981 7ff6331ef46e 18980->18981 18982 7ff6331ef690 __crtLCMapStringW 5 API calls 18980->18982 18981->18975 18981->18976 18983 7ff6331ef4d7 CompareStringW 18982->18983 18983->18981 18985 7ff6331f8511 18984->18985 18986 7ff6331f852a HeapSize 18984->18986 18987 7ff6331e54c4 _findclose 11 API calls 18985->18987 18988 7ff6331f8516 18987->18988 18989 7ff6331eaea4 _invalid_parameter_noinfo 37 API calls 18988->18989 18990 7ff6331f8521 18989->18990 18990->18643 18992 7ff6331f0ed1 18991->18992 18993 7ff6331f0edb 
18991->18993 18995 7ff6331edbbc _fread_nolock 12 API calls 18992->18995 18994 7ff6331f0ee0 18993->18994 19001 7ff6331f0ee7 _findclose 18993->19001 18996 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18994->18996 18999 7ff6331f0ed9 18995->18999 18996->18999 18997 7ff6331f0eed 19000 7ff6331e54c4 _findclose 11 API calls 18997->19000 18998 7ff6331f0f1a HeapReAlloc 18998->18999 18998->19001 18999->18647 19000->18999 19001->18997 19001->18998 19002 7ff6331f3c00 _findclose 2 API calls 19001->19002 19002->19001 19004 7ff6331e97b5 19003->19004 19012 7ff6331e97b1 19003->19012 19024 7ff6331f30ac GetEnvironmentStringsW 19004->19024 19007 7ff6331e97c2 19010 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19007->19010 19008 7ff6331e97ce 19031 7ff6331e991c 19008->19031 19010->19012 19012->18683 19016 7ff6331e9b5c 19012->19016 19013 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19014 7ff6331e97f5 19013->19014 19015 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19014->19015 19015->19012 19017 7ff6331e9b7f 19016->19017 19020 7ff6331e9b96 19016->19020 19017->18683 19018 7ff6331efc00 MultiByteToWideChar _fread_nolock 19018->19020 19019 7ff6331ef158 _findclose 11 API calls 19019->19020 19020->19017 19020->19018 19020->19019 19021 7ff6331e9c0a 19020->19021 19023 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19020->19023 19022 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19021->19022 19022->19017 19023->19020 19025 7ff6331e97ba 19024->19025 19026 7ff6331f30d0 19024->19026 19025->19007 19025->19008 19027 7ff6331edbbc _fread_nolock 12 API calls 19026->19027 19028 7ff6331f3107 memcpy_s 19027->19028 19029 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19028->19029 19030 7ff6331f3127 FreeEnvironmentStringsW 19029->19030 19030->19025 19033 7ff6331e9944 19031->19033 19032 7ff6331ef158 _findclose 
11 API calls 19046 7ff6331e997f 19032->19046 19033->19032 19034 7ff6331e9987 19035 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19034->19035 19037 7ff6331e97d6 19035->19037 19036 7ff6331e9a01 19038 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19036->19038 19037->19013 19038->19037 19039 7ff6331ef158 _findclose 11 API calls 19039->19046 19040 7ff6331e99f0 19042 7ff6331e9a38 11 API calls 19040->19042 19041 7ff6331f0e54 _wfindfirst32i64 37 API calls 19041->19046 19043 7ff6331e99f8 19042->19043 19044 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19043->19044 19044->19034 19045 7ff6331e9a24 19047 7ff6331eaec4 _wfindfirst32i64 17 API calls 19045->19047 19046->19034 19046->19036 19046->19039 19046->19040 19046->19041 19046->19045 19048 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19046->19048 19049 7ff6331e9a36 19047->19049 19048->19046 19051 7ff6331f9409 __crtLCMapStringW 19050->19051 19052 7ff6331f79be 19051->19052 19053 7ff6331ef428 6 API calls 19051->19053 19052->18710 19052->18711 19053->19052 19513 7ff6331f1d20 19524 7ff6331f7cb4 19513->19524 19525 7ff6331f7cc1 19524->19525 19526 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19525->19526 19528 7ff6331f7cdd 19525->19528 19526->19525 19527 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19527->19528 19528->19527 19529 7ff6331f1d29 19528->19529 19530 7ff6331f0cb8 EnterCriticalSection 19529->19530 15366 7ff6331dc07c 15387 7ff6331dc24c 15366->15387 15369 7ff6331dc1c8 15483 7ff6331dc57c IsProcessorFeaturePresent 15369->15483 15370 7ff6331dc098 __scrt_acquire_startup_lock 15372 7ff6331dc1d2 15370->15372 15379 7ff6331dc0b6 __scrt_release_startup_lock 15370->15379 15373 7ff6331dc57c 7 API calls 15372->15373 15375 7ff6331dc1dd __CxxCallCatchBlock 15373->15375 15374 7ff6331dc0db 15376 7ff6331dc161 15393 7ff6331dc6c8 15376->15393 15378 7ff6331dc166 15396 
7ff6331d1000 15378->15396 15379->15374 15379->15376 15472 7ff6331ea0bc 15379->15472 15384 7ff6331dc189 15384->15375 15479 7ff6331dc3e0 15384->15479 15490 7ff6331dc84c 15387->15490 15390 7ff6331dc090 15390->15369 15390->15370 15391 7ff6331dc27b __scrt_initialize_crt 15391->15390 15492 7ff6331dd998 15391->15492 15519 7ff6331dd0e0 15393->15519 15397 7ff6331d100b 15396->15397 15521 7ff6331d86b0 15397->15521 15399 7ff6331d101d 15528 7ff6331e5ef8 15399->15528 15401 7ff6331d39cb 15535 7ff6331d1eb0 15401->15535 15405 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15406 7ff6331d3ae6 15405->15406 15477 7ff6331dc70c GetModuleHandleW 15406->15477 15407 7ff6331d39ea 15470 7ff6331d3ad2 15407->15470 15551 7ff6331d7b60 15407->15551 15409 7ff6331d3a1f 15410 7ff6331d3a6b 15409->15410 15412 7ff6331d7b60 61 API calls 15409->15412 15566 7ff6331d8040 15410->15566 15416 7ff6331d3a40 __vcrt_freefls 15412->15416 15413 7ff6331d3a80 15570 7ff6331d1cb0 15413->15570 15416->15410 15420 7ff6331d8040 58 API calls 15416->15420 15417 7ff6331d3b71 15418 7ff6331d3b95 15417->15418 15589 7ff6331d14f0 15417->15589 15423 7ff6331d3bef 15418->15423 15418->15470 15596 7ff6331d8ae0 15418->15596 15419 7ff6331d1cb0 121 API calls 15421 7ff6331d3ab6 15419->15421 15420->15410 15425 7ff6331d3aba 15421->15425 15426 7ff6331d3af8 15421->15426 15610 7ff6331d6de0 15423->15610 15651 7ff6331d2b30 15425->15651 15426->15417 15664 7ff6331d3fd0 15426->15664 15428 7ff6331d3bcc 15432 7ff6331d3be2 SetDllDirectoryW 15428->15432 15433 7ff6331d3bd1 15428->15433 15432->15423 15435 7ff6331d2b30 59 API calls 15433->15435 15435->15470 15437 7ff6331d3b16 15442 7ff6331d2b30 59 API calls 15437->15442 15438 7ff6331d3c09 15464 7ff6331d3c3b 15438->15464 15696 7ff6331d65f0 15438->15696 15440 7ff6331d3d06 15614 7ff6331d34c0 15440->15614 15441 7ff6331d3b44 15441->15417 15445 7ff6331d3b49 15441->15445 15442->15470 15683 7ff6331e018c 15445->15683 15449 7ff6331d3c5a 15455 7ff6331d3ca5 15449->15455 15738 7ff6331d1ef0 15449->15738 15450 7ff6331d3c3d 
15732 7ff6331d6840 15450->15732 15455->15470 15742 7ff6331d3460 15455->15742 15457 7ff6331d3d2e 15459 7ff6331d7b60 61 API calls 15457->15459 15463 7ff6331d3d3a 15459->15463 15461 7ff6331d3ce1 15466 7ff6331d6840 FreeLibrary 15461->15466 15628 7ff6331d8080 15463->15628 15464->15440 15464->15449 15466->15470 15470->15405 15473 7ff6331ea0f4 15472->15473 15474 7ff6331ea0d3 15472->15474 18272 7ff6331ea968 15473->18272 15474->15376 15478 7ff6331dc71d 15477->15478 15478->15384 15480 7ff6331dc3f1 15479->15480 15481 7ff6331dc1a0 15480->15481 15482 7ff6331dd998 __scrt_initialize_crt 7 API calls 15480->15482 15481->15374 15482->15481 15484 7ff6331dc5a2 _wfindfirst32i64 memcpy_s 15483->15484 15485 7ff6331dc5c1 RtlCaptureContext RtlLookupFunctionEntry 15484->15485 15486 7ff6331dc5ea RtlVirtualUnwind 15485->15486 15487 7ff6331dc626 memcpy_s 15485->15487 15486->15487 15488 7ff6331dc658 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15487->15488 15489 7ff6331dc6aa _wfindfirst32i64 15488->15489 15489->15372 15491 7ff6331dc26e __scrt_dllmain_crt_thread_attach 15490->15491 15491->15390 15491->15391 15493 7ff6331dd9a0 15492->15493 15494 7ff6331dd9aa 15492->15494 15498 7ff6331ddd14 15493->15498 15494->15390 15499 7ff6331ddd23 15498->15499 15500 7ff6331dd9a5 15498->15500 15506 7ff6331ddf50 15499->15506 15502 7ff6331ddd80 15500->15502 15503 7ff6331dddab 15502->15503 15504 7ff6331dddaf 15503->15504 15505 7ff6331ddd8e DeleteCriticalSection 15503->15505 15504->15494 15505->15503 15510 7ff6331dddb8 15506->15510 15511 7ff6331dded2 TlsFree 15510->15511 15516 7ff6331dddfc __vcrt_InitializeCriticalSectionEx 15510->15516 15512 7ff6331dde2a LoadLibraryExW 15514 7ff6331ddea1 15512->15514 15515 7ff6331dde4b GetLastError 15512->15515 15513 7ff6331ddec1 GetProcAddress 15513->15511 15514->15513 15517 7ff6331ddeb8 FreeLibrary 15514->15517 15515->15516 15516->15511 15516->15512 15516->15513 15518 7ff6331dde6d LoadLibraryExW 15516->15518 15517->15513 15518->15514 15518->15516 15520 
7ff6331dc6df GetStartupInfoW 15519->15520 15520->15378 15523 7ff6331d86cf 15521->15523 15522 7ff6331d8720 WideCharToMultiByte 15522->15523 15526 7ff6331d87c6 15522->15526 15523->15522 15525 7ff6331d8774 WideCharToMultiByte 15523->15525 15523->15526 15527 7ff6331d86d7 __vcrt_freefls 15523->15527 15525->15523 15525->15526 15790 7ff6331d29e0 15526->15790 15527->15399 15530 7ff6331f0050 15528->15530 15529 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15534 7ff6331f00cc 15529->15534 15531 7ff6331f00f6 15530->15531 15532 7ff6331f00a3 15530->15532 16180 7ff6331eff28 15531->16180 15532->15529 15534->15401 15536 7ff6331d1ec5 15535->15536 15537 7ff6331d1ee0 15536->15537 16188 7ff6331d2890 15536->16188 15537->15470 15539 7ff6331d3ec0 15537->15539 15540 7ff6331dbc60 15539->15540 15541 7ff6331d3ecc GetModuleFileNameW 15540->15541 15542 7ff6331d3f12 15541->15542 15543 7ff6331d3efb 15541->15543 16228 7ff6331d8bf0 15542->16228 15544 7ff6331d29e0 57 API calls 15543->15544 15546 7ff6331d3f0e 15544->15546 15549 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15546->15549 15548 7ff6331d2b30 59 API calls 15548->15546 15550 7ff6331d3f4f 15549->15550 15550->15407 15552 7ff6331d7b6a 15551->15552 15553 7ff6331d8ae0 57 API calls 15552->15553 15554 7ff6331d7b8c GetEnvironmentVariableW 15553->15554 15555 7ff6331d7ba4 ExpandEnvironmentStringsW 15554->15555 15556 7ff6331d7bf6 15554->15556 15557 7ff6331d8bf0 59 API calls 15555->15557 15558 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15556->15558 15559 7ff6331d7bcc 15557->15559 15560 7ff6331d7c08 15558->15560 15559->15556 15561 7ff6331d7bd6 15559->15561 15560->15409 16239 7ff6331ea99c 15561->16239 15564 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15565 7ff6331d7bee 15564->15565 15565->15409 15567 7ff6331d8ae0 57 API calls 15566->15567 15568 7ff6331d8057 SetEnvironmentVariableW 15567->15568 15569 7ff6331d806f __vcrt_freefls 15568->15569 15569->15413 15571 7ff6331d1cbe 15570->15571 15572 7ff6331d1ef0 49 API calls 15571->15572 15573 7ff6331d1cf4 
15572->15573 15574 7ff6331d1dde 15573->15574 15575 7ff6331d1ef0 49 API calls 15573->15575 15577 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15574->15577 15576 7ff6331d1d1a 15575->15576 15576->15574 16246 7ff6331d1aa0 15576->16246 15578 7ff6331d1e6c 15577->15578 15578->15417 15578->15419 15582 7ff6331d1dcc 15583 7ff6331d3e40 49 API calls 15582->15583 15583->15574 15584 7ff6331d1d8f 15584->15582 15585 7ff6331d1e34 15584->15585 15586 7ff6331d3e40 49 API calls 15585->15586 15587 7ff6331d1e41 15586->15587 16282 7ff6331d4050 15587->16282 15590 7ff6331d1506 15589->15590 15592 7ff6331d157f 15589->15592 16324 7ff6331d7950 15590->16324 15592->15418 15594 7ff6331d2b30 59 API calls 15595 7ff6331d1564 15594->15595 15595->15418 15597 7ff6331d8b01 MultiByteToWideChar 15596->15597 15598 7ff6331d8b87 MultiByteToWideChar 15596->15598 15601 7ff6331d8b4c 15597->15601 15602 7ff6331d8b27 15597->15602 15599 7ff6331d8bcf 15598->15599 15600 7ff6331d8baa 15598->15600 15599->15428 15603 7ff6331d29e0 55 API calls 15600->15603 15601->15598 15607 7ff6331d8b62 15601->15607 15604 7ff6331d29e0 55 API calls 15602->15604 15605 7ff6331d8bbd 15603->15605 15606 7ff6331d8b3a 15604->15606 15605->15428 15606->15428 15608 7ff6331d29e0 55 API calls 15607->15608 15609 7ff6331d8b75 15608->15609 15609->15428 15611 7ff6331d6df5 15610->15611 15612 7ff6331d3bf4 15611->15612 15613 7ff6331d2890 59 API calls 15611->15613 15612->15464 15687 7ff6331d6a90 15612->15687 15613->15612 15615 7ff6331d3574 15614->15615 15618 7ff6331d3533 15614->15618 15616 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15615->15616 15617 7ff6331d35c5 15616->15617 15617->15470 15621 7ff6331d7fd0 15617->15621 15618->15615 16866 7ff6331d1710 15618->16866 16908 7ff6331d2d70 15618->16908 15622 7ff6331d8ae0 57 API calls 15621->15622 15623 7ff6331d7fef 15622->15623 15624 7ff6331d8ae0 57 API calls 15623->15624 15625 7ff6331d7fff 15624->15625 15626 7ff6331e7dec 38 API calls 15625->15626 15627 7ff6331d800d __vcrt_freefls 15626->15627 15627->15457 15629 
7ff6331d8090 15628->15629 15630 7ff6331d8ae0 57 API calls 15629->15630 15631 7ff6331d80c1 SetConsoleCtrlHandler GetStartupInfoW 15630->15631 15652 7ff6331d2b50 15651->15652 15653 7ff6331e4ac4 49 API calls 15652->15653 15654 7ff6331d2b9b memcpy_s 15653->15654 15655 7ff6331d8ae0 57 API calls 15654->15655 15656 7ff6331d2bd0 15655->15656 15657 7ff6331d2bd5 15656->15657 15658 7ff6331d2c0d MessageBoxA 15656->15658 15659 7ff6331d8ae0 57 API calls 15657->15659 15660 7ff6331d2c27 15658->15660 15661 7ff6331d2bef MessageBoxW 15659->15661 15662 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15660->15662 15661->15660 15663 7ff6331d2c37 15662->15663 15663->15470 15665 7ff6331d3fdc 15664->15665 15666 7ff6331d8ae0 57 API calls 15665->15666 15667 7ff6331d4007 15666->15667 15668 7ff6331d8ae0 57 API calls 15667->15668 15669 7ff6331d401a 15668->15669 17415 7ff6331e64a8 15669->17415 15672 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15673 7ff6331d3b0e 15672->15673 15673->15437 15674 7ff6331d82b0 15673->15674 15675 7ff6331d82d4 15674->15675 15676 7ff6331e0814 73 API calls 15675->15676 15681 7ff6331d83ab __vcrt_freefls 15675->15681 15677 7ff6331d82ee 15676->15677 15677->15681 17794 7ff6331e9070 15677->17794 15681->15441 15684 7ff6331e01bc 15683->15684 17809 7ff6331dff68 15684->17809 15688 7ff6331d6ab3 15687->15688 15690 7ff6331d6aca 15687->15690 15688->15690 17820 7ff6331d15a0 15688->17820 15690->15438 15691 7ff6331d6ad4 15691->15690 15692 7ff6331d4050 49 API calls 15691->15692 15693 7ff6331d6b35 15692->15693 15694 7ff6331d2b30 59 API calls 15693->15694 15695 7ff6331d6ba5 memcpy_s __vcrt_freefls 15693->15695 15694->15690 15695->15438 15711 7ff6331d660a memcpy_s 15696->15711 15698 7ff6331d672f 15700 7ff6331d4050 49 API calls 15698->15700 15699 7ff6331d674b 15702 7ff6331d2b30 59 API calls 15699->15702 15701 7ff6331d67a8 15700->15701 15705 7ff6331d4050 49 API calls 15701->15705 15706 7ff6331d6741 __vcrt_freefls 15702->15706 15703 7ff6331d4050 49 API calls 15703->15711 15704 7ff6331d6710 
15704->15698 15707 7ff6331d4050 49 API calls 15704->15707 15708 7ff6331d67d8 15705->15708 15709 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15706->15709 15707->15698 15713 7ff6331d4050 49 API calls 15708->15713 15710 7ff6331d3c1a 15709->15710 15710->15450 15716 7ff6331d6570 15710->15716 15711->15698 15711->15699 15711->15703 15711->15704 15712 7ff6331d1710 144 API calls 15711->15712 15714 7ff6331d6731 15711->15714 17844 7ff6331d1950 15711->17844 15712->15711 15713->15706 15715 7ff6331d2b30 59 API calls 15714->15715 15715->15706 17848 7ff6331d8260 15716->17848 15718 7ff6331d658c 15719 7ff6331d8260 58 API calls 15718->15719 15720 7ff6331d659f 15719->15720 15721 7ff6331d65d5 15720->15721 15722 7ff6331d65b7 15720->15722 15723 7ff6331d2b30 59 API calls 15721->15723 17852 7ff6331d6ef0 GetProcAddress 15722->17852 15733 7ff6331d6852 15732->15733 15737 7ff6331d687d 15732->15737 15736 7ff6331d693b 15733->15736 15733->15737 17911 7ff6331d8240 FreeLibrary 15733->17911 15736->15737 17912 7ff6331d8240 FreeLibrary 15736->17912 15737->15464 15739 7ff6331d1f15 15738->15739 15740 7ff6331e4ac4 49 API calls 15739->15740 15741 7ff6331d1f38 15740->15741 15741->15455 17913 7ff6331d5bc0 15742->17913 15745 7ff6331d34ad 15745->15461 15809 7ff6331dbc60 15790->15809 15793 7ff6331d2a29 15811 7ff6331e4ac4 15793->15811 15798 7ff6331d1ef0 49 API calls 15799 7ff6331d2a86 memcpy_s 15798->15799 15800 7ff6331d8ae0 54 API calls 15799->15800 15801 7ff6331d2abb 15800->15801 15802 7ff6331d2ac0 15801->15802 15803 7ff6331d2af8 MessageBoxA 15801->15803 15804 7ff6331d8ae0 54 API calls 15802->15804 15805 7ff6331d2b12 15803->15805 15806 7ff6331d2ada MessageBoxW 15804->15806 15807 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15805->15807 15806->15805 15808 7ff6331d2b22 15807->15808 15808->15527 15810 7ff6331d29fc GetLastError 15809->15810 15810->15793 15813 7ff6331e4b1e 15811->15813 15812 7ff6331e4b43 15814 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15812->15814 15813->15812 15815 7ff6331e4b7f 15813->15815 
15817 7ff6331e4b6d 15814->15817 15841 7ff6331e2d50 15815->15841 15819 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15817->15819 15818 7ff6331e4c5c 15820 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15818->15820 15821 7ff6331d2a57 15819->15821 15820->15817 15829 7ff6331d8560 15821->15829 15823 7ff6331e4c31 15825 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15823->15825 15824 7ff6331e4c80 15824->15818 15827 7ff6331e4c8a 15824->15827 15825->15817 15826 7ff6331e4c28 15826->15818 15826->15823 15828 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15827->15828 15828->15817 15830 7ff6331d856c 15829->15830 15831 7ff6331d858d FormatMessageW 15830->15831 15832 7ff6331d8587 GetLastError 15830->15832 15833 7ff6331d85c0 15831->15833 15834 7ff6331d85dc WideCharToMultiByte 15831->15834 15832->15831 15835 7ff6331d29e0 54 API calls 15833->15835 15836 7ff6331d85d3 15834->15836 15837 7ff6331d8616 15834->15837 15835->15836 15839 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15836->15839 15838 7ff6331d29e0 54 API calls 15837->15838 15838->15836 15840 7ff6331d2a5e 15839->15840 15840->15798 15842 7ff6331e2d8e 15841->15842 15843 7ff6331e2d7e 15841->15843 15844 7ff6331e2d97 15842->15844 15849 7ff6331e2dc5 15842->15849 15845 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15843->15845 15846 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15844->15846 15847 7ff6331e2dbd 15845->15847 15846->15847 15847->15818 15847->15823 15847->15824 15847->15826 15849->15843 15849->15847 15851 7ff6331e3074 15849->15851 15855 7ff6331e36e0 15849->15855 15881 7ff6331e33a8 15849->15881 15911 7ff6331e2c30 15849->15911 15914 7ff6331e4900 15849->15914 15853 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15851->15853 15853->15843 15856 7ff6331e3722 15855->15856 15857 7ff6331e3795 15855->15857 15858 7ff6331e37bf 15856->15858 15859 7ff6331e3728 15856->15859 15860 7ff6331e37ef 15857->15860 15861 7ff6331e379a 15857->15861 15938 
7ff6331e1c90 15858->15938 15866 7ff6331e372d 15859->15866 15869 7ff6331e37fe 15859->15869 15860->15858 15860->15869 15879 7ff6331e3758 15860->15879 15862 7ff6331e37cf 15861->15862 15863 7ff6331e379c 15861->15863 15945 7ff6331e1880 15862->15945 15865 7ff6331e373d 15863->15865 15872 7ff6331e37ab 15863->15872 15880 7ff6331e382d 15865->15880 15920 7ff6331e4044 15865->15920 15866->15865 15870 7ff6331e3770 15866->15870 15866->15879 15869->15880 15952 7ff6331e20a0 15869->15952 15870->15880 15930 7ff6331e4500 15870->15930 15872->15858 15873 7ff6331e37b0 15872->15873 15873->15880 15934 7ff6331e4698 15873->15934 15875 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15877 7ff6331e3ac3 15875->15877 15877->15849 15879->15880 15959 7ff6331eee18 15879->15959 15880->15875 15882 7ff6331e33b3 15881->15882 15883 7ff6331e33c9 15881->15883 15885 7ff6331e3407 15882->15885 15886 7ff6331e3722 15882->15886 15887 7ff6331e3795 15882->15887 15884 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15883->15884 15883->15885 15884->15885 15885->15849 15888 7ff6331e37bf 15886->15888 15889 7ff6331e3728 15886->15889 15890 7ff6331e37ef 15887->15890 15891 7ff6331e379a 15887->15891 15894 7ff6331e1c90 38 API calls 15888->15894 15898 7ff6331e372d 15889->15898 15900 7ff6331e37fe 15889->15900 15890->15888 15890->15900 15909 7ff6331e3758 15890->15909 15892 7ff6331e37cf 15891->15892 15893 7ff6331e379c 15891->15893 15896 7ff6331e1880 38 API calls 15892->15896 15895 7ff6331e373d 15893->15895 15902 7ff6331e37ab 15893->15902 15894->15909 15897 7ff6331e4044 47 API calls 15895->15897 15910 7ff6331e382d 15895->15910 15896->15909 15897->15909 15898->15895 15899 7ff6331e3770 15898->15899 15898->15909 15904 7ff6331e4500 47 API calls 15899->15904 15899->15910 15901 7ff6331e20a0 38 API calls 15900->15901 15900->15910 15901->15909 15902->15888 15903 7ff6331e37b0 15902->15903 15906 7ff6331e4698 37 API calls 15903->15906 15903->15910 15904->15909 15905 7ff6331dbcc0 _wfindfirst32i64 8 API calls 15907 7ff6331e3ac3 15905->15907 
15906->15909 15907->15849 15908 7ff6331eee18 47 API calls 15908->15909 15909->15908 15909->15910 15910->15905 16108 7ff6331e0e54 15911->16108 15915 7ff6331e4917 15914->15915 16125 7ff6331edf78 15915->16125 15921 7ff6331e4066 15920->15921 15969 7ff6331e0cc0 15921->15969 15925 7ff6331e41a3 15928 7ff6331e4900 45 API calls 15925->15928 15929 7ff6331e422c 15925->15929 15927 7ff6331e4900 45 API calls 15927->15925 15928->15929 15929->15879 15931 7ff6331e4580 15930->15931 15932 7ff6331e4518 15930->15932 15931->15879 15932->15931 15933 7ff6331eee18 47 API calls 15932->15933 15933->15931 15937 7ff6331e46b9 15934->15937 15935 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15936 7ff6331e46ea 15935->15936 15936->15879 15937->15935 15937->15936 15939 7ff6331e1cc3 15938->15939 15940 7ff6331e1cf2 15939->15940 15942 7ff6331e1daf 15939->15942 15941 7ff6331e0cc0 12 API calls 15940->15941 15944 7ff6331e1d2f 15940->15944 15941->15944 15943 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15942->15943 15943->15944 15944->15879 15946 7ff6331e18b3 15945->15946 15947 7ff6331e18e2 15946->15947 15949 7ff6331e199f 15946->15949 15948 7ff6331e0cc0 12 API calls 15947->15948 15951 7ff6331e191f 15947->15951 15948->15951 15950 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15949->15950 15950->15951 15951->15879 15953 7ff6331e20d3 15952->15953 15954 7ff6331e2102 15953->15954 15956 7ff6331e21bf 15953->15956 15955 7ff6331e0cc0 12 API calls 15954->15955 15958 7ff6331e213f 15954->15958 15955->15958 15957 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15956->15957 15957->15958 15958->15879 15960 7ff6331eee40 15959->15960 15961 7ff6331eee85 15960->15961 15962 7ff6331e4900 45 API calls 15960->15962 15965 7ff6331eee45 memcpy_s 15960->15965 15968 7ff6331eee6e memcpy_s 15960->15968 15961->15965 15961->15968 16105 7ff6331f04c8 15961->16105 15962->15961 15963 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15963->15965 15965->15879 15968->15963 15968->15965 15970 7ff6331e0cf7 15969->15970 
15971 7ff6331e0ce6 15969->15971 15970->15971 15972 7ff6331edbbc _fread_nolock 12 API calls 15970->15972 15977 7ff6331eeb30 15971->15977 15973 7ff6331e0d24 15972->15973 15974 7ff6331e0d38 15973->15974 15975 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15973->15975 15976 7ff6331eaf0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15974->15976 15975->15974 15976->15971 15978 7ff6331eeb80 15977->15978 15979 7ff6331eeb4d 15977->15979 15978->15979 15981 7ff6331eebb2 15978->15981 15980 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 15979->15980 15992 7ff6331e4181 15980->15992 15986 7ff6331eecc5 15981->15986 15988 7ff6331eebfa 15981->15988 15982 7ff6331eedb7 16032 7ff6331ee01c 15982->16032 15984 7ff6331eed7d 16025 7ff6331ee3b4 15984->16025 15985 7ff6331eed4c 16018 7ff6331ee694 15985->16018 15986->15982 15986->15984 15986->15985 15989 7ff6331eed0f 15986->15989 15991 7ff6331eed05 15986->15991 15988->15992 15999 7ff6331eaa3c 15988->15999 16008 7ff6331ee8c4 15989->16008 15991->15984 15994 7ff6331eed0a 15991->15994 15992->15925 15992->15927 15994->15985 15994->15989 15997 7ff6331eaec4 _wfindfirst32i64 17 API calls 15998 7ff6331eee14 15997->15998 16000 7ff6331eaa53 15999->16000 16001 7ff6331eaa49 15999->16001 16002 7ff6331e54c4 _findclose 11 API calls 16000->16002 16001->16000 16006 7ff6331eaa6e 16001->16006 16003 7ff6331eaa5a 16002->16003 16004 7ff6331eaea4 _invalid_parameter_noinfo 37 API calls 16003->16004 16005 7ff6331eaa66 16004->16005 16005->15992 16005->15997 16006->16005 16007 7ff6331e54c4 _findclose 11 API calls 16006->16007 16007->16003 16041 7ff6331f471c 16008->16041 16012 7ff6331ee96c 16013 7ff6331ee9c1 16012->16013 16014 7ff6331ee98c 16012->16014 16017 7ff6331ee970 16012->16017 16094 7ff6331ee4b0 16013->16094 16090 7ff6331ee76c 16014->16090 16017->15992 16019 7ff6331f471c 38 API calls 16018->16019 16020 7ff6331ee6de 16019->16020 16021 7ff6331f4164 37 API calls 16020->16021 16022 7ff6331ee72e 16021->16022 16023 
7ff6331ee732 16022->16023 16024 7ff6331ee76c 45 API calls 16022->16024 16023->15992 16024->16023 16026 7ff6331f471c 38 API calls 16025->16026 16027 7ff6331ee3ff 16026->16027 16028 7ff6331f4164 37 API calls 16027->16028 16029 7ff6331ee457 16028->16029 16030 7ff6331ee45b 16029->16030 16031 7ff6331ee4b0 45 API calls 16029->16031 16030->15992 16031->16030 16033 7ff6331ee094 16032->16033 16034 7ff6331ee061 16032->16034 16036 7ff6331ee0ac 16033->16036 16038 7ff6331ee12d 16033->16038 16035 7ff6331eadd8 _invalid_parameter_noinfo 37 API calls 16034->16035 16040 7ff6331ee08d memcpy_s 16035->16040 16037 7ff6331ee3b4 46 API calls 16036->16037 16037->16040 16039 7ff6331e4900 45 API calls 16038->16039 16038->16040 16039->16040 16040->15992 16042 7ff6331f476f fegetenv 16041->16042 16043 7ff6331f867c 37 API calls 16042->16043 16046 7ff6331f47c2 16043->16046 16044 7ff6331f48b2 16047 7ff6331f867c 37 API calls 16044->16047 16045 7ff6331f47ef 16049 7ff6331eaa3c __std_exception_copy 37 API calls 16045->16049 16046->16044 16050 7ff6331f488c 16046->16050 16051 7ff6331f47dd 16046->16051 16048 7ff6331f48dc 16047->16048 16052 7ff6331f867c 37 API calls 16048->16052 16053 7ff6331f486d 16049->16053 16054 7ff6331eaa3c __std_exception_copy 37 API calls 16050->16054 16051->16044 16051->16045 16055 7ff6331f48ed 16052->16055 16056 7ff6331f5994 16053->16056 16060 7ff6331f4875 16053->16060 16054->16053 16058 7ff6331f8870 20 API calls 16055->16058 16057 7ff6331eaec4 _wfindfirst32i64 17 API calls 16056->16057 16059 7ff6331f59a9 16057->16059 16069 7ff6331f4956 memcpy_s 16058->16069 16061 7ff6331dbcc0 _wfindfirst32i64 8 API calls 16060->16061 16062 7ff6331ee911 16061->16062 16086 7ff6331f4164 16062->16086 16063 7ff6331f4cff memcpy_s 16064 7ff6331f503f 16066 7ff6331f4280 37 API calls 16064->16066 16065 7ff6331f4997 memcpy_s 16078 7ff6331f4df3 memcpy_s 16065->16078 16082 7ff6331f52db memcpy_s 16065->16082 16067 7ff6331f5757 16066->16067 16075 7ff6331f59ac memcpy_s 37 API calls 16067->16075 16084 

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6331F63B5
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331F5D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6331F5D1C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331EAF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF6331F3392,?,?,?,00007FF6331F33CF,?,?,00000000,00007FF6331F3895,?,?,00000000,00007FF6331F37C7), ref: 00007FF6331EAF22
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331EAF0C: GetLastError.KERNEL32(?,?,?,00007FF6331F3392,?,?,?,00007FF6331F33CF,?,?,00000000,00007FF6331F3895,?,?,00000000,00007FF6331F37C7), ref: 00007FF6331EAF2C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331EAEC4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6331EAEA3,?,?,?,?,?,00007FF6331E30CC), ref: 00007FF6331EAECD
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331EAEC4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6331EAEA3,?,?,?,?,?,00007FF6331E30CC), ref: 00007FF6331EAEF2
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6331F63A4
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331F5D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6331F5D7C
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6331F661A
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6331F662B
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6331F663C
                                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6331F687C), ref: 00007FF6331F6663
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
• Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                                    • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                                    • Opcode ID: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
                                                                                                                                                                                                                                                                    • Instruction ID: d6e8d2cfe63d9a74a7518ed8d54090e3333b7a48d15622afdb8d25e919e98268
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5D1DF32E1825286EB20EF26D9521B977A1FF84784F408235EA0DE3B99DF3DE441E740

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
• Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                                                                                                                                                    • Opcode ID: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                                                    • Instruction ID: 622eb544720cb8d0b8f680c6370aaf2aa2f611569e4b1ca606e64cbab1edcc73
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6EC1C237B28A4285EB10CF69C4926AC37A1FB48BA8B015335EE1EA77D5DF39D056D340

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF6331D154F), ref: 00007FF6331D79E7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D7B60: GetEnvironmentVariableW.KERNEL32(00007FF6331D3A1F), ref: 00007FF6331D7B9A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D7B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6331D7BB7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331E7DEC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6331E7E05
                                                                                                                                                                                                                                                                    • SetEnvironmentVariableW.KERNEL32 ref: 00007FF6331D7AA1
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D2B30: MessageBoxW.USER32 ref: 00007FF6331D2C05
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
• Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6331F661A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331F5D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6331F5D7C
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6331F662B
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331F5D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6331F5D1C
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6331F663C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331F5D38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6331F5D4C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331EAF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF6331F3392,?,?,?,00007FF6331F33CF,?,?,00000000,00007FF6331F3895,?,?,00000000,00007FF6331F37C7), ref: 00007FF6331EAF22
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331EAF0C: GetLastError.KERNEL32(?,?,?,00007FF6331F3392,?,?,?,00007FF6331F33CF,?,?,00000000,00007FF6331F3895,?,?,00000000,00007FF6331F37C7), ref: 00007FF6331EAF2C
                                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6331F687C), ref: 00007FF6331F6663
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(0000000100000001,00007FF6331D414C,00007FF6331D7911,?,00007FF6331D7D26,?,00007FF6331D1785), ref: 00007FF6331D8990
                                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(?,00007FF6331D7D26,?,00007FF6331D1785), ref: 00007FF6331D89A1
                                                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,00007FF6331D7D26,?,00007FF6331D1785), ref: 00007FF6331D89C3
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6331D7D26,?,00007FF6331D1785), ref: 00007FF6331D89CD
                                                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,00007FF6331D7D26,?,00007FF6331D1785), ref: 00007FF6331D8A0A
                                                                                                                                                                                                                                                                    • ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6331D8A1C
                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,00007FF6331D7D26,?,00007FF6331D1785), ref: 00007FF6331D8A34
                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF6331D7D26,?,00007FF6331D1785), ref: 00007FF6331D8A66
                                                                                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF6331D8A8D
                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00007FF6331D7D26,?,00007FF6331D1785), ref: 00007FF6331D8A9E
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                                                                    • String ID: D:(A;;FA;;;%s)$S-1-3-4

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _fread_nolock$Message
                                                                                                                                                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                                                    • String ID: CreateProcessW$Error creating child process!

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D3EC0: GetModuleFileNameW.KERNEL32(?,00007FF6331D39EA), ref: 00007FF6331D3EF1
                                                                                                                                                                                                                                                                    • SetDllDirectoryW.KERNEL32 ref: 00007FF6331D3BE9
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D7B60: GetEnvironmentVariableW.KERNEL32(00007FF6331D3A1F), ref: 00007FF6331D7B9A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D7B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6331D7BB7
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                                                                    • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                                    • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                                    • API String ID: 2030045667-1655038675
                                                                                                                                                                                                                                                                    • Opcode ID: 7739cbabc253cc6e8f59069b699201d0862b4b88c7660801c14c8af0229557fd
                                                                                                                                                                                                                                                                    • Instruction ID: 2723bbc5d43ded0862e80d1908950379e22ca08d8fc1bfb2ad5d073c02e7073b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7739cbabc253cc6e8f59069b699201d0862b4b88c7660801c14c8af0229557fd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07510332A0868285EAA0DB51E4423BA7390FF8A794F544135EE4EE7B85EF3CE445E300

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    • Opcode ID: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                                                                                                                                                    • Instruction ID: 61941d3d5b06a67b851c02a3a8948eda98b8f9140069856eeb8189996f77d094
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEC12733A0C78781E7608B5598422BD7BA4FF84B80F556131EA4E97B92DF7EE845E300

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6331ED50B), ref: 00007FF6331ED63C
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6331ED50B), ref: 00007FF6331ED6C7
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                                                                                                                                                    • Opcode ID: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
                                                                                                                                                                                                                                                                    • Instruction ID: 4749a6e5c5e1ea078b663ffaa27459b9915df41c729285b742a2e6df57bd9c55
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E91C272E1875289F7609F6594426BD3BA0BB44B88F146139DE0EB7B94DF3ED482E700

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                                    • String ID:


                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6331E5911), ref: 00007FF6331E5A2F
                                                                                                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6331E5911), ref: 00007FF6331E5A45
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1707611234-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF6331F3392,?,?,?,00007FF6331F33CF,?,?,00000000,00007FF6331F3895,?,?,00000000,00007FF6331F37C7), ref: 00007FF6331EAF22
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6331F3392,?,?,?,00007FF6331F33CF,?,?,00000000,00007FF6331F3895,?,?,00000000,00007FF6331F37C7), ref: 00007FF6331EAF2C
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF6331EAF99,?,?,00000000,00007FF6331EB04E), ref: 00007FF6331EB18A
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6331EAF99,?,?,00000000,00007FF6331EB04E), ref: 00007FF6331EB194
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    • Opcode ID: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
                                                                                                                                                                                                                                                                    • Instruction ID: 011007adca4d87504ce8f1288ca039abb76f6e1a14a5755f980682411afa7285
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C01D661B0874140EA04DB579902079B691BF85FE0F0C9630DE6CE7FDACE7ED401A300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF6331EB9A6,?,?,?,00007FF6331EAB67,?,?,00000000,00007FF6331EAE02), ref: 00007FF6331EF1AD
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                    • Opcode ID: 3903a8e07e771c3ce20f22a7cfda351bfc6825da59dd5d1b3ed6874a84ef80bd
                                                                                                                                                                                                                                                                    • Instruction ID: 0ac954931906b1ae343f6cdc3a15ab498ed7baee96bc278558e04474280cc924
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3903a8e07e771c3ce20f22a7cfda351bfc6825da59dd5d1b3ed6874a84ef80bd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7F09659B0930F81FE585761D9173B572915F88BC0F4D6631CD0EE6BC1EE1EE440A210
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF6331E0D24,?,?,?,00007FF6331E2236,?,?,?,?,?,00007FF6331E3829), ref: 00007FF6331EDBFA
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                    • Opcode ID: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                                                                                                                                                    • Instruction ID: c6b5a969c198e877c1306f795c38db5d9389f2e96267e4a15172bf771d8490b9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71F01211F0D39749FE585672590327572905F857A0F086734DD2EE6BC1ED6EF480A310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                                                                                                                    • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                                    • API String ID: 190572456-4266016200
                                                                                                                                                                                                                                                                    • Opcode ID: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                                                    • Instruction ID: 99854f5d988ab5f5fd9dce6f8c813285ac1a857824f051ac2afd7fc971ab7c89
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A125FA4A4EF03D1FA59CB18A85217433E5AF49790B945635C81EE63A8FF7CB58CF240
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                                                                    • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                                                                    • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                                                                    • Opcode ID: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                                                    • Instruction ID: b305714a6293f57c137bbb67d21e20ab7ca4c584f16c5fdcfcdffa0941aad48a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BBA17976608B8587E714CF21E4557AAB3B0FB88B84F508229EB9D53B24CF7DE165CB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                    • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                                    • Opcode ID: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                                                    • Instruction ID: ad32df83d952c70b9cfa1681af166f8f000d52444203d4b9f858d607243e789f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77B2D372A1C2928BE764CE65D4427FD37E1FB54388F505235DA0EA7B88DF38A941EB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00007FF6331D2A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF6331D101D), ref: 00007FF6331D8587
                                                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32 ref: 00007FF6331D85B6
                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32 ref: 00007FF6331D860C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D29E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6331D87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6331D101D), ref: 00007FF6331D2A14
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D29E0: MessageBoxW.USER32 ref: 00007FF6331D2AF0
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                                    • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                                                    • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                                                                    • Opcode ID: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                                                    • Instruction ID: 32d933ccfa29fbe0a06ab78e1650da54b6672321ad1588b346b3aae1928a84aa
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3215071A0CA4282F7249F15E85627A73A5FF89385F844235D64EE37A8EF7CE145E700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3140674995-0
                                                                                                                                                                                                                                                                    • Opcode ID: 2f0e84db8cb7341a902ef28a41a93ef6eb2637ed36960dc0fb1294147411c1b9
                                                                                                                                                                                                                                                                    • Instruction ID: 976d90a2ed8990c3446d2c7c57ea01e6edc3de40a8655913e430cf64e6040cb5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f0e84db8cb7341a902ef28a41a93ef6eb2637ed36960dc0fb1294147411c1b9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26317C72608B818AEB609F60E8513FE73A1FB85744F44853ADA4E97B98DF38D248C700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                    • Opcode ID: 4ac1c30ff9e2098ff7eaac683efdfbba3e64979dbffe5e0d25534f02cf004e64
                                                                                                                                                                                                                                                                    • Instruction ID: b7dea1ac97e42b8dcd57cdc5e35fbdc4a490454c71bebed2582e857801598fcd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ac1c30ff9e2098ff7eaac683efdfbba3e64979dbffe5e0d25534f02cf004e64
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC315F32618F8186EB60DF25E8412AE73A4FB89794F504235EA9E93B99DF3CD545CB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                                                                                                                                                    • Opcode ID: e601e72e586d0b4de4a5ebf73eb2eb015632a136167348e3e84c4a74a70f75b2
                                                                                                                                                                                                                                                                    • Instruction ID: 190d317231391ec187e78821bea5265fcb2b8a525d3421ebf83c49f1bf8a994f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e601e72e586d0b4de4a5ebf73eb2eb015632a136167348e3e84c4a74a70f75b2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36B1D426B1C68641EB60DB2298125BAB3D1EF44BE4F445231EE5EA7BC5DF3CE446E300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                    • Opcode ID: d807bcf8cbcf5afbec6ed78c6a62c7f595d782d60191141b96be5bff8736c763
                                                                                                                                                                                                                                                                    • Instruction ID: c5ec6446103f8891d2e733ca4623dacae6f2c8bb67790a491406d0629bbce825
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d807bcf8cbcf5afbec6ed78c6a62c7f595d782d60191141b96be5bff8736c763
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1115E36B14F068AFB00CF60E8562B933A4FB19758F441E31DA6D967A4DF7CE1989380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: memcpy_s
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1502251526-0
                                                                                                                                                                                                                                                                    • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                                                    • Instruction ID: 5fc870d00730d9f3711cb2fb50854d4b315bc7c34508bf0f28f75e54bb1911b7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78C1E172B1D68687EB24CF19A04566AB7E1F794B84F458234DB4EA3744DF3CE881EB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 15204871-0
                                                                                                                                                                                                                                                                    • Opcode ID: b4cdb5d9b405a5f2b155a4653528c407a9956d0b6218a393af626003cf1b5a24
                                                                                                                                                                                                                                                                    • Instruction ID: 83d8d01378e9f5d2755c8f17394d866ebb15345ac5df4231a8214a1a5586e4be
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4cdb5d9b405a5f2b155a4653528c407a9956d0b6218a393af626003cf1b5a24
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9AB10673614B898AEB55CF29C8863687BE0F784F48F198A21DA5D837A4CF3ED451DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                    • Opcode ID: 61dd1ed1e1c953fe7bf24916078f2f4a3db137be7e9bcdd6edf362509e7e8552
                                                                                                                                                                                                                                                                    • Instruction ID: 50338b9b955ea06f73b4a4f95d7e15f3fe8a8ce96f06c925ce8bdd060f99b996
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61dd1ed1e1c953fe7bf24916078f2f4a3db137be7e9bcdd6edf362509e7e8552
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46F08C32A1C68586E7A08F64B49A76A73A0EF85724F404335D6AE527E4DF7CD048AA00
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: $
                                                                                                                                                                                                                                                                    • API String ID: 0-227171996
                                                                                                                                                                                                                                                                    • Opcode ID: 631a3e48eb673e1850d57232dc56befdf755ff5fd67b38a64b6ca9c49a913018
                                                                                                                                                                                                                                                                    • Instruction ID: 4060183f273857ea5a400653b75c1e554974f4d601250de3e156642a698f5721
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 631a3e48eb673e1850d57232dc56befdf755ff5fd67b38a64b6ca9c49a913018
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51E1B532A0875682EB688F25815213D73A0FF45B58F147A36DA0EA7B94DF3BE851E740
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: e+000$gfff
                                                                                                                                                                                                                                                                    • API String ID: 0-3030954782
                                                                                                                                                                                                                                                                    • Opcode ID: 95f5c728ca916dfdd01defb08dd518f9d9b28e517fc4b7b4370436378f7798ef
                                                                                                                                                                                                                                                                    • Instruction ID: f07c289895cc22a2683009b326c868d2eef7679b22d498a28cc39a9f7231a82c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95f5c728ca916dfdd01defb08dd518f9d9b28e517fc4b7b4370436378f7798ef
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D518726B183C182E7348E39D902769BB91EB44B94F48A231CBAC97FE5DF3ED0449700
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1010374628-0
                                                                                                                                                                                                                                                                    • Opcode ID: 4b7c577155937df3467bd9cdd4550942c9176b8fc8785c5dc3f7c97a7b0e1b3f
                                                                                                                                                                                                                                                                    • Instruction ID: 5f1e8c4f2571d8bd3a61b5ea3191d50cbce704c42911f6b3d7f597c465188a41
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b7c577155937df3467bd9cdd4550942c9176b8fc8785c5dc3f7c97a7b0e1b3f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5302BE21F0D74741FAA4AB22A54327936D4AF41BA0F498735ED6EE77D2DE7EE401A300
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: gfffffff
                                                                                                                                                                                                                                                                    • API String ID: 0-1523873471
                                                                                                                                                                                                                                                                    • Opcode ID: da57d4f04fe3a59080078ae7a8b70c1646e0beb0550e210eb96496c016bfbe06
                                                                                                                                                                                                                                                                    • Instruction ID: 53528cef7054a30efeb1d3904e66659039d2f5dd79832fa520a5d73126915e2d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da57d4f04fe3a59080078ae7a8b70c1646e0beb0550e210eb96496c016bfbe06
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2A17663B087C686EB31CF29A4017ADBB91AB54BC0F04A131DE8D97BA5DE3EE501D311
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: TMP
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                                                    • Opcode ID: cf0abd2c7e4acdbc7dd987358b9028f2a59d8daca936b72b1b12d96a797a3aac
                                                                                                                                                                                                                                                                    • Instruction ID: 0035f4e3d972dfdd8d49e53c59f8920aeeff5413a24c03ebfe613d6579de949d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf0abd2c7e4acdbc7dd987358b9028f2a59d8daca936b72b1b12d96a797a3aac
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8751D011F0875241FA68AB27591357AB291AF84FC5F086135DE0EE7FD2EE7EE402B240
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                                                                                                                                    • Opcode ID: 2a498131316ba0cf2da72d1126b97be92acaa4b08e35d008cc1bd8d186f782f7
                                                                                                                                                                                                                                                                    • Instruction ID: e5e02965c9ae812c94a55e857d369e8094afdeb6d39e8c9aac6de09e98d738cd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a498131316ba0cf2da72d1126b97be92acaa4b08e35d008cc1bd8d186f782f7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEB09230E0BA46C6EB882B156D8721422A47F48B00F948138C50EA1320DE3C20B56700
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 208e6a978d65b3df04c2d2163cfe11b9ca3e791e60348233d6b397c6ac133608
                                                                                                                                                                                                                                                                    • Instruction ID: 19c2b409d930ac36366c710cd8863c5a56be10809838ee3c8d054fb03de6f9e6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 208e6a978d65b3df04c2d2163cfe11b9ca3e791e60348233d6b397c6ac133608
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D9D1C162E0874286EB688A29805667D37A0EF45B48F147A35CE0DA7FD5CF3FE845E740
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 926518188b614a96dab23eca74cd6fab0ac352dd7b9dabb22d14e7e66e5c8c54
                                                                                                                                                                                                                                                                    • Instruction ID: b2d52380eb45cc597edb3b6dbd18da545271ab50771b32b787fd5efc9b92464d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 926518188b614a96dab23eca74cd6fab0ac352dd7b9dabb22d14e7e66e5c8c54
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5C116322142F04BD698EB29E45947A33E5FBAA349BD5403BEB874B7C5CA3CE414E750
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: b67fe5c4df14f10fbabbc179396d5558260dc0a4d214c0f6109c6307dd6f74d9
                                                                                                                                                                                                                                                                    • Instruction ID: 64271389b81cd109b8ce3f15412f108c3ba03138a0e3d3a0bb21f7f698f2a628
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b67fe5c4df14f10fbabbc179396d5558260dc0a4d214c0f6109c6307dd6f74d9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01B19C7290879585E7659F39C06223C7BA0F749F48F282235CA8EA7B95CF3BD452E740
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    • Opcode ID: 14e965909f7280d7a3652a0ca181d92c694a9cf8fd4ee26df7ecbe6e2bc61af1
                                                                                                                                                                                                                                                                    • Instruction ID: 037524f5fa695925fd6c53b4acbd4e8297493a7317c9336e592135823e936bd7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14e965909f7280d7a3652a0ca181d92c694a9cf8fd4ee26df7ecbe6e2bc61af1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC61F623F2C69246FB64CA28C46267977D1AF40764F140739EA2DD7BC6DE7EE805A700
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
                                                                                                                                                                                                                                                                    • Instruction ID: c52d4167834db256aac7f0cf148d04f16e6f12db5607afb7cf90d45bb51af490
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15519437A1875182E7259B29D05163CB7A0EB59F68F246131CE4DA7B94CF3BE843EB40
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
                                                                                                                                                                                                                                                                    • Instruction ID: 495f12d3bdfb2218f9f97ef8c31b3ece73e760da115b1838566c00abf0dec1bf
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E9518576A18B5186E7A48F29C042238B3B0EB45F68F246131DE4DA7B94DF3BE853D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: fa1e8384b8f9ed93a652e40ff1fad70abf09339abefc5cb7d3385a95e3869c9a
                                                                                                                                                                                                                                                                    • Instruction ID: d43e946cc31a05fff7924e5cdbc67cfa5c11159265a47f03dd91562170ae0f7b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa1e8384b8f9ed93a652e40ff1fad70abf09339abefc5cb7d3385a95e3869c9a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0451B432A1875186E7648B29C051239B3A0EB49F68F246131DE4DA7BD5CF3BEC53E780
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
• Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AddressProc
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                                    • API String ID: 190572456-2208601799
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Message_fread_nolock
                                                                                                                                                                                                                                                                    • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
                                                                                                                                                                                                                                                                    • API String ID: 3065259568-2316137593
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
• Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                                    • String ID: P%
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF6331EF56A,?,?,0000020DCC826C08,00007FF6331EB317,?,?,?,00007FF6331EB20E,?,?,?,00007FF6331E6452), ref: 00007FF6331EF34C
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF6331EF56A,?,?,0000020DCC826C08,00007FF6331EB317,?,?,?,00007FF6331EB20E,?,?,?,00007FF6331E6452), ref: 00007FF6331EF358
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6331D101D), ref: 00007FF6331D8747
                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6331D101D), ref: 00007FF6331D879E
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00007FF6331D39EA), ref: 00007FF6331D8C31
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D29E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6331D87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6331D101D), ref: 00007FF6331D2A14
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D29E0: MessageBoxW.USER32 ref: 00007FF6331D2AF0
                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00007FF6331D39EA), ref: 00007FF6331D8CA5
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                                                    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$_fread_nolock
                                                                                                                                                                                                                                                                    • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                                                                    • API String ID: 3231891352-3501660386
                                                                                                                                                                                                                                                                    • Opcode ID: 0c183e133c5fbc1ffe3f319d699f8627423da4d6d465f0011bb75cd22a0eadb8
                                                                                                                                                                                                                                                                    • Instruction ID: 447bcb6d868fd611b671ec4a674aa9c55a642c685fa01a5510c805dd86aba91b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c183e133c5fbc1ffe3f319d699f8627423da4d6d465f0011bb75cd22a0eadb8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A251A222E0D64341FA50AF26AA572F972919F86BC0F444531FE1DFB7DAEE2CE505A340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D8AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6331D2ABB), ref: 00007FF6331D8B1A
                                                                                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6331D79A1,00000000,?,00000000,00000000,?,00007FF6331D154F), ref: 00007FF6331D747F
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D2B30: MessageBoxW.USER32 ref: 00007FF6331D2C05
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6331D7493
                                                                                                                                                                                                                                                                    • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6331D74DA
                                                                                                                                                                                                                                                                    • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6331D7456
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                                    • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                                                    • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                                                                    • Opcode ID: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                                                                                                                                                    • Instruction ID: a1620f4f02bdb241c1c6b384561761e19b119a7deaaf5b9df972591757d137ae
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E31CB12F1C78381FA21EB25E5573BA7291AF997C0F844535EA4EE27D6EE2CE104E700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF6331DE06A,?,?,?,00007FF6331DDD5C,?,?,00000001,00007FF6331DD979), ref: 00007FF6331DDE3D
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6331DE06A,?,?,?,00007FF6331DDD5C,?,?,00000001,00007FF6331DD979), ref: 00007FF6331DDE4B
                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF6331DE06A,?,?,?,00007FF6331DDD5C,?,?,00000001,00007FF6331DD979), ref: 00007FF6331DDE75
                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF6331DE06A,?,?,?,00007FF6331DDD5C,?,?,00000001,00007FF6331DD979), ref: 00007FF6331DDEBB
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF6331DE06A,?,?,?,00007FF6331DDD5C,?,?,00000001,00007FF6331DD979), ref: 00007FF6331DDEC7
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                                    • Opcode ID: fa40dd5a34ae4d0b6736a9b6b46f8404287a490a05e4db78c585315ae40f634e
                                                                                                                                                                                                                                                                    • Instruction ID: f3fe2b4f167ec8793823bca534107a4ba0ffb6bcd59f35fd0e458dd9a2cdc085
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa40dd5a34ae4d0b6736a9b6b46f8404287a490a05e4db78c585315ae40f634e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9431D731B1A742D5EE21EB06A80257973D4BF59BA0F594635DE1DEB380EF3CE4549300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6331D2ABB), ref: 00007FF6331D8B1A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D29E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6331D87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6331D101D), ref: 00007FF6331D2A14
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D29E0: MessageBoxW.USER32 ref: 00007FF6331D2AF0
                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6331D2ABB), ref: 00007FF6331D8BA0
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                                                    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                                                    • API String ID: 3723044601-876015163
                                                                                                                                                                                                                                                                    • Opcode ID: 2a7f0904e5ec1897560545d2159a663e9c273eaf1fea03a0d1ae7df506dc6c73
                                                                                                                                                                                                                                                                    • Instruction ID: 22d0f7ab473adb7e5f04886704546ad9dc7c2d310c920c900fcbd4447e27e536
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a7f0904e5ec1897560545d2159a663e9c273eaf1fea03a0d1ae7df506dc6c73
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65219762B18A4281EB50DB29F84207AB3A1FF857D8F584231DB5CE3BA9EF2CD5419700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                    • Opcode ID: 5e25a57dc3899cb5d9e1114fbc8c557aa55031a2469902f6cab5e8a78f8e35b9
                                                                                                                                                                                                                                                                    • Instruction ID: 2431dd79f1e8e7968856b3f2386cc540af4352fc123da89d360cf78f2a7cd7c4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e25a57dc3899cb5d9e1114fbc8c557aa55031a2469902f6cab5e8a78f8e35b9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05218E24E0E74341FA546731A65713AB2925F44BF0F14A734E93EE6FD6DE2EB8417600
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                    • Opcode ID: 47774de373198f8681994077b4026dd9a590ed4534763da2009e0dd4878e84a9
                                                                                                                                                                                                                                                                    • Instruction ID: 485c2b8c65f2ab3708bcf7dfeea33e80f0f04bbe5d1850ed32f52a8eb63f138c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47774de373198f8681994077b4026dd9a590ed4534763da2009e0dd4878e84a9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB118B31A18A428AE7509B42E85672A76E4FB88FE4F044334EA1ED77A4CF7CE8548740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6331E54CD,?,?,?,?,00007FF6331EF1BF,?,?,00000000,00007FF6331EB9A6,?,?,?), ref: 00007FF6331EB897
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6331E54CD,?,?,?,?,00007FF6331EF1BF,?,?,00000000,00007FF6331EB9A6,?,?,?), ref: 00007FF6331EB8CD
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6331E54CD,?,?,?,?,00007FF6331EF1BF,?,?,00000000,00007FF6331EB9A6,?,?,?), ref: 00007FF6331EB8FA
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6331E54CD,?,?,?,?,00007FF6331EF1BF,?,?,00000000,00007FF6331EB9A6,?,?,?), ref: 00007FF6331EB90B
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6331E54CD,?,?,?,?,00007FF6331EF1BF,?,?,00000000,00007FF6331EB9A6,?,?,?), ref: 00007FF6331EB91C
                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF6331E54CD,?,?,?,?,00007FF6331EF1BF,?,?,00000000,00007FF6331EB9A6,?,?,?), ref: 00007FF6331EB937
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                    • Opcode ID: 941158fb4e6d3a9375e13d6d10033e8ffcdbbced4d4dd5e625aa307a16b34608
                                                                                                                                                                                                                                                                    • Instruction ID: 0609f4162c4751f6b8e272383ec84e6f74de7a4b79d179fdf4518c0eb49d9ecf
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 941158fb4e6d3a9375e13d6d10033e8ffcdbbced4d4dd5e625aa307a16b34608
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E118E64A0E74242FA146731969713A72919F44BB0F04A734E83EE6FD6DE2DA4416600
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                                    • String ID: csm$f
                                                                                                                                                                                                                                                                    • API String ID: 2395640692-629598281
                                                                                                                                                                                                                                                                    • Opcode ID: c8f7f253a213423ff5db8842e39d1181b4fa0cc0edf0f0e27fe70a45a9ca17df
                                                                                                                                                                                                                                                                    • Instruction ID: 86277e6e1daa47641a8020f63737081fb6d943d769ebacdbf1d8b27caf3085f3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8f7f253a213423ff5db8842e39d1181b4fa0cc0edf0f0e27fe70a45a9ca17df
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5510332B19602CAEB19DF25E405A393795FF82B98F508134EE4EA7788DF39E841D704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                                    • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6331D87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6331D101D), ref: 00007FF6331D2A14
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D8560: GetLastError.KERNEL32(00000000,00007FF6331D2A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF6331D101D), ref: 00007FF6331D8587
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D8560: FormatMessageW.KERNEL32 ref: 00007FF6331D85B6
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331D8AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6331D2ABB), ref: 00007FF6331D8B1A
                                                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF6331D2AF0
                                                                                                                                                                                                                                                                    • MessageBoxA.USER32 ref: 00007FF6331D2B0C
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
• Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                                    • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF6331EAB67,?,?,00000000,00007FF6331EAE02,?,?,?,?,?,00007FF6331E30CC), ref: 00007FF6331EB96F
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6331EAB67,?,?,00000000,00007FF6331EAE02,?,?,?,?,?,00007FF6331E30CC), ref: 00007FF6331EB98E
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6331EAB67,?,?,00000000,00007FF6331EAE02,?,?,?,?,?,00007FF6331E30CC), ref: 00007FF6331EB9B6
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6331EAB67,?,?,00000000,00007FF6331EAE02,?,?,?,?,?,00007FF6331E30CC), ref: 00007FF6331EB9C7
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6331EAB67,?,?,00000000,00007FF6331EAE02,?,?,?,?,?,00007FF6331E30CC), ref: 00007FF6331EB9D8
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
• Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                    • Opcode ID: 64fe73475c7f3c5e3ff0e30dd8e21900901c314ca9004384e47b330d372873f3
                                                                                                                                                                                                                                                                    • Instruction ID: c56acf2adfa97bac83a6f21930a23d29ca7939fc8f8ddda4c2e9591fe10daa37
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64fe73475c7f3c5e3ff0e30dd8e21900901c314ca9004384e47b330d372873f3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30117924E0E30742FA686731596357A72814F40BB0F08B734E83EEABD3DD2EB841B601
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: verbose
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                                    • Opcode ID: ad3fface7d4b2ce3aa9510f497705372120eac90acd968bb25d3a192cbea6c12
                                                                                                                                                                                                                                                                    • Instruction ID: 6ec1b3f2d8bef4f27563e94db24cc2d406f7e645169a44106510b8165e5e2c57
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad3fface7d4b2ce3aa9510f497705372120eac90acd968bb25d3a192cbea6c12
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D91D032A28B4681F7218E25D45237D37A1AF44B94FC46136DA5EE7BD5DF3EE841A300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                                    • Opcode ID: 1a54e2a2b62d6839c513ace75884cea9e48035532f3c44be9a18c4b4dcf643eb
                                                                                                                                                                                                                                                                    • Instruction ID: 98ebf43ccd06fde259766eb1964642c172d932773f5baf74558578e07248df5a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a54e2a2b62d6839c513ace75884cea9e48035532f3c44be9a18c4b4dcf643eb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA81C276E0C24285FB748F25C61227836E0AB10B88F958335CA8EF7395DF2DE941BB41
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                                    • Opcode ID: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                                                                                                                                                    • Instruction ID: 019c902b6bd967694bb66e4ea6bc9f9c544c114d9e9b83aa05925815a1c7525d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48614B37A08B458AEB208F65E4813BD77A0FB49B88F144225EF4D67B99DF38E155D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
Similarity
• API ID: Message$ByteCharMultiWide
• String ID: %s%s: %s$Fatal error detected
APIs
• GetModuleFileNameW.KERNEL32(?,00007FF6331D39EA), ref: 00007FF6331D3EF1
  • Part of subcall function 00007FF6331D29E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6331D87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6331D101D), ref: 00007FF6331D2A14
  • Part of subcall function 00007FF6331D29E0: MessageBoxW.USER32 ref: 00007FF6331D2AF0
Strings
Memory Dump Source
• Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
Similarity
• API ID: ErrorFileLastMessageModuleName
• String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
APIs
Memory Dump Source
• Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
Similarity
• API ID: FileWrite$ConsoleErrorLastOutput
• String ID:
APIs
Memory Dump Source
• Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
Similarity
• API ID: LongWindow$DialogInvalidateRect
• String ID:
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
• Associated: 00000000.00000002.3304074416.00007FF6331D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304137042.00007FF6331FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF63320E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304173666.00007FF633210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633212000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633237000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3304216538.00007FF633275000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: ?
                                                                                                                                                                                                                                                                    • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                                    • Opcode ID: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                                                    • Instruction ID: dcfaf7712073d6c2a06e5e5c3ab25f24b9b3174349ec10a1bfd722c2ec6c7b2c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4411522A2878242FB249B25E44637A7BE0EF90BA4F144335EE9C96BD9DF3DD441D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6331E95D6
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331EAF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF6331F3392,?,?,?,00007FF6331F33CF,?,?,00000000,00007FF6331F3895,?,?,00000000,00007FF6331F37C7), ref: 00007FF6331EAF22
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6331EAF0C: GetLastError.KERNEL32(?,?,?,00007FF6331F3392,?,?,?,00007FF6331F33CF,?,?,00000000,00007FF6331F3895,?,?,00000000,00007FF6331F37C7), ref: 00007FF6331EAF2C
                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6331DBFE5), ref: 00007FF6331E95F4
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\MkWMm5piE5.exe
                                                                                                                                                                                                                                                                    • API String ID: 3580290477-2724602364
                                                                                                                                                                                                                                                                    • Opcode ID: 72bea691884ec75b0bcc04dadd89fc5e2ba2839e886db2c4c4036b89f533388c
                                                                                                                                                                                                                                                                    • Instruction ID: 1d440d27a39c2e1d1072218e2cd572689886f22f9642e87a3c2baa8d4b3022ce
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72bea691884ec75b0bcc04dadd89fc5e2ba2839e886db2c4c4036b89f533388c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30418F72E08B428AEB54DF2295820BD37A4EF847C4B545036ED8E97F85DF3EE481A300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                                    • Opcode ID: c155d3c2efe6fcc9017d536d5590e74356888db1e245345eaaebbd58f2ba0871
                                                                                                                                                                                                                                                                    • Instruction ID: 1c2ae482d3a16bf048b37caf5e65d0d64fa55a749c11c17045a37c7e6ffcd5c2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c155d3c2efe6fcc9017d536d5590e74356888db1e245345eaaebbd58f2ba0871
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7041B072A18B8286EB208F25E4453AA77A0FB88B94F804135EE4DD7B98DF3DE441D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                                    • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                                    • Opcode ID: 4482f0b2aa88d097fa4b172b4d0b9d8fa621ceaf6a6e580bcf5a02da10cef38f
                                                                                                                                                                                                                                                                    • Instruction ID: eebcbc3a993c250e13c806f1ee464f30a7c7b32f185fb3e4575501d57b48eb25
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4482f0b2aa88d097fa4b172b4d0b9d8fa621ceaf6a6e580bcf5a02da10cef38f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8421E432A0878182EB249B15D04627E73B1FB84B88F968135EA8D93BC4DF7DE945D741
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                                    • String ID: Error detected
                                                                                                                                                                                                                                                                    • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                                                                    • Opcode ID: 93d1fdc723546ae567f8218d0d5003b65100b09b9274e520b1b2c374812bf196
                                                                                                                                                                                                                                                                    • Instruction ID: d005a288c56f877a0f1a3d2a8c9c98b7892c406522c8495f6da3420f610727e5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93d1fdc723546ae567f8218d0d5003b65100b09b9274e520b1b2c374812bf196
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC217972628A8591E720D711F4926EB7364FF857C4F805135D64DA7B69DF3CD205D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                                    • String ID: Fatal error detected
                                                                                                                                                                                                                                                                    • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                                                                    • Opcode ID: 63802d79dfeaf9ba572d8d5d5ffec4a1fc362ac500ecb438f71a9def6701a566
                                                                                                                                                                                                                                                                    • Instruction ID: a90a6e096eb6825dbd82ee1b5d90637aa1db044127c59cb2fa4fa87da09f90ff
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63802d79dfeaf9ba572d8d5d5ffec4a1fc362ac500ecb438f71a9def6701a566
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7216272628A8291E720DB11F4526EBB3A4FF85784F805135E68DA7BA9DF3CD205DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                    • Opcode ID: 010ed9957d99c3a93ebfd805af8ad73f2bfdfbf7bf3eba5be717857b77bb313e
                                                                                                                                                                                                                                                                    • Instruction ID: 2eb40e30f96d9ba42260c1cd0e075c4b66459f4cbd2fa90b686f15b016c30a73
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 010ed9957d99c3a93ebfd805af8ad73f2bfdfbf7bf3eba5be717857b77bb313e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43115B32618B4582EB608F15F45026A77E0FB88B84F598235EE8C97759DF3CD561DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3304102421.00007FF6331D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6331D0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6331d0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                                                    • Opcode ID: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
                                                                                                                                                                                                                                                                    • Instruction ID: 927f983f670e682b5dede949123bf6b27c436fa10eeadeb353a9255a3d95623f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8401A26291C70786FB20AF60946327E73E0EF84705F805135D54DD6B95EF3DE544EA14

                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                    Execution Coverage:0%
                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                    Signature Coverage:100%
                                                                                                                                                                                                                                                                    Total number of Nodes:2
                                                                                                                                                                                                                                                                    Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                    execution_graph 101615 7ffbaa161490 GetSystemInfo 101616 7ffbaa1614c4 101615->101616

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308229899.00007FFBAA151000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFBAA150000, based on PE: true
• Associated: 00000002.00000002.3308210357.00007FFBAA150000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3308324125.00007FFBAA27C000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3308355559.00007FFBAA2AA000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3308378913.00007FFBAA2AF000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaa150000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: InfoSystem
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 31276548-0
                                                                                                                                                                                                                                                                    • Opcode ID: 92d82e4b214818c158f58746d604a038a40c5e57c576eefab9a689c2dc8594a3
                                                                                                                                                                                                                                                                    • Instruction ID: 7c07f377488e21579511848079dacddeea96509cc186a5241869aad65416e1de
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 92d82e4b214818c158f58746d604a038a40c5e57c576eefab9a689c2dc8594a3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3A107B5A0BB02D1FE5B9B65E4503742299BF46F84F1809B5DD0E873A4DF7CA4A39320

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Dealloc$Unicode_$ClearFormatFromUnraisableWrite$FetchRestoreString$CallObject_$ArgsCharCloseCreateExceptionFlagsFunctionHandleNormalizeOccurredRun_ThreadTuple_Widememcpy
                                                                                                                                                                                                                                                                    • String ID: %c%s%R%s$%c%s%s$, trying to convert the result back to C$done()$rom cffi callback $uring handling of the above exception by 'onerror'
                                                                                                                                                                                                                                                                    • API String ID: 3680899025-2484428055
                                                                                                                                                                                                                                                                    • Opcode ID: dba3765ba91453a0a58cad8537df45f6aa11686bc05bb28dfbc26bd4b3601659
                                                                                                                                                                                                                                                                    • Instruction ID: 05a975ec4187b70e343f3216bf473b1c3338232c2783067f541a9fae9e5c49e5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dba3765ba91453a0a58cad8537df45f6aa11686bc05bb28dfbc26bd4b3601659
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC023CB2A0AA42DAEB2A9F71E8542BC27A4FF44B99F044135CD1D93764DF3DE45AC310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AddressProc$CriticalSection$AllocDeleteFreeHandleInitializeLibraryLoadModule
                                                                                                                                                                                                                                                                    • String ID: AddAccessAllowedAce$AddAccessAllowedAceEx$AddAccessAllowedObjectAce$AddAccessDeniedAce$AddAccessDeniedAceEx$AddAccessDeniedObjectAce$AddAuditAccessAceEx$AddAuditAccessObjectAce$AddMandatoryAce$AdvAPI32.dll$SetSecurityDescriptorControl
                                                                                                                                                                                                                                                                    • API String ID: 3842108915-2689366622
                                                                                                                                                                                                                                                                    • Opcode ID: 00abef228cb45286ba7f1125ddbe3760151564b421905c27eb664f72b636958c
                                                                                                                                                                                                                                                                    • Instruction ID: cd6c836ce0511d6d7567840e7167031dd451ff9b4f468fe414202734b978b6f8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00abef228cb45286ba7f1125ddbe3760151564b421905c27eb664f72b636958c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 285197B5B4BB0795EA6ADB25FC9453837A0AF46B81B44D13ACC6E42770EF3CA4648700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Size$Arg_Err_ParseTuple_$Sequence_malloc$ClearReferenceString$AllocateCheckCopyDeallocInitializeLengthTuplememset
                                                                                                                                                                                                                                                                    • String ID: (bbbbbb)O:SID$AllocateAndInitializeSid$SID buffer size beyond INT_MAX$s#:SID$sub authorities must be a sequence of integers.$sub authorities sequence size must be <= 8$|llllllll:SID$|n:SID
                                                                                                                                                                                                                                                                    • API String ID: 2034972351-3682999398
                                                                                                                                                                                                                                                                    • Opcode ID: 525610387b68ad0ded5125966a10e9109dc3d848910984cab617d3c0f64cd283
                                                                                                                                                                                                                                                                    • Instruction ID: a36b53ecca42aa576409cd9a306d3c34e9ca617de30e5c749f133db537a67ed2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 525610387b68ad0ded5125966a10e9109dc3d848910984cab617d3c0f64cd283
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A28154B6A0AB4299EB25DF31E4442AD33A4FB48788F408536EE5D57B68EF3CD524C740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DescriptorSecurityfree$DaclErr_String$Arg_GroupLengthOwnerParseTupleValid
                                                                                                                                                                                                                                                                    • String ID: SetSecurityDescriptorDacl$The object is not a PyACL object$iOi:SetSecurityDescriptorDacl
                                                                                                                                                                                                                                                                    • API String ID: 1359849467-4100764314
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3310204753.00007FFBAAF51000.00000020.00000001.01000000.00000030.sdmp, Offset: 00007FFBAAF50000, based on PE: true
• Associated: 00000002.00000002.3310175806.00007FFBAAF50000.00000002.00000001.01000000.00000030.sdmp
• Associated: 00000002.00000002.3310225778.00007FFBAAF56000.00000002.00000001.01000000.00000030.sdmp
• Associated: 00000002.00000002.3310247517.00007FFBAAF5B000.00000002.00000001.01000000.00000030.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaf50000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311189331.00007FFBAAFB1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFBAAFB0000, based on PE: true
• Associated: 00000002.00000002.3311167163.00007FFBAAFB0000.00000002.00000001.01000000.0000002A.sdmp
• Associated: 00000002.00000002.3311210588.00007FFBAAFB3000.00000002.00000001.01000000.0000002A.sdmp
• Associated: 00000002.00000002.3311247848.00007FFBAAFB5000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaafb0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3310784681.00007FFBAAF91000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFBAAF90000, based on PE: true
• Associated: 00000002.00000002.3310730020.00007FFBAAF90000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3310867382.00007FFBAAF92000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3310947990.00007FFBAAF94000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaf90000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3310435332.00007FFBAAF71000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAAF70000, based on PE: true
• Associated: 00000002.00000002.3310414066.00007FFBAAF70000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.3310520924.00007FFBAAF73000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.3310541565.00007FFBAAF75000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaf70000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311289279.00007FFBAAFC1000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
• Associated: 00000002.00000002.3311268918.00007FFBAAFC0000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311310302.00007FFBAAFC5000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311330045.00007FFBAAFC6000.00000004.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311385032.00007FFBAAFC7000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaafc0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                                                    • Opcode ID: 5fe31fd096c1bad991f81fc54a17c152ef0039d236a239c089c20b1045aa1978
                                                                                                                                                                                                                                                                    • Instruction ID: 1af5ac7ac5528fed597ce6c39072f0a12893a0c815c135e2558154222e96494a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fe31fd096c1bad991f81fc54a17c152ef0039d236a239c089c20b1045aa1978
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2317EB260AA82C9EB658F71E8503E97364FB84744F44403ADA4D83B88DF39D659C724
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311289279.00007FFBAAFC1000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
• Associated: 00000002.00000002.3311268918.00007FFBAAFC0000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311310302.00007FFBAAFC5000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311330045.00007FFBAAFC6000.00000004.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311385032.00007FFBAAFC7000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaafc0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: memcpy$_wassert
                                                                                                                                                                                                                                                                    • String ID: D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
                                                                                                                                                                                                                                                                    • API String ID: 4178124637-3286700114
                                                                                                                                                                                                                                                                    • Opcode ID: 6c8687ad2ff289e94dcfd8a461612af8bd826b46b62f56cf6ff31f31de498083
                                                                                                                                                                                                                                                                    • Instruction ID: f195171b1f3a56b035cb7ae498e2effdd2d661295c4555ad6590be183ae60ca5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c8687ad2ff289e94dcfd8a461612af8bd826b46b62f56cf6ff31f31de498083
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64C1D762E19A81C6EB0ACF35C9446FD6365FB95788F009331DE4D97A46EF39E582C310

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Module_String$Err_$ConstantObjectUnicode_$Dict_From$FormatItemOccurredstrncmp$AllocAttrCapsule_Create2ImportImport_ModuleObject_ReadySys_Thread_allocate_lockType_
                                                                                                                                                                                                                                                                    • String ID: '%s' is an ill-formed type name$1$1.16.0$3.12.0b2$<cdata>$FFI_CDECL$FFI_DEFAULT_ABI$TlsAlloc() failed$_C_API$_IOBase$_WIN$__module__$__name__$__version__$_cffi_backend$_cffi_backend.$_io$can't allocate cffi_zombie_lock$cffi$this module was compiled for Python %c%c%c$version
                                                                                                                                                                                                                                                                    • API String ID: 3385652222-906895635
                                                                                                                                                                                                                                                                    • Opcode ID: 41d2292e8d75c2ca34776530f0312aae3a7164146f4ab80ae338a68818af90c6
                                                                                                                                                                                                                                                                    • Instruction ID: caccb6073d3968b50408a19c6ba54ebb4db751d7b4746103e2da93aa26b47a59
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41d2292e8d75c2ca34776530f0312aae3a7164146f4ab80ae338a68818af90c6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69B1F5E0A0BA83A1FF268B75E86467427A0BF45B84F44C136CD2E47271EF6CE5798310

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dict_String$Item$ReadyType_$State_SwapThread$Module_$ErrorFatalFunc$AllocConstantCreate2DeallocDecodeDictErr_LocalUnicode_Value
                                                                                                                                                                                                                                                                    • String ID: ACLType$Could not initialise the error objects$DEVMODEType$DEVMODEWType$FALSE$HANDLEType$IIDType$OVERLAPPEDType$SECURITY_ATTRIBUTESType$SECURITY_DESCRIPTORType$SIDType$TRUE$TimeType$UnicodeType$WAVEFORMATEXType$WAVE_FORMAT_PCM$com_error$error
                                                                                                                                                                                                                                                                    • API String ID: 2302314715-2516578290
                                                                                                                                                                                                                                                                    • Opcode ID: bd69e291b4fc6f872d2f22006123317c71a5d7194922dbda98e03a97dd40cd42
                                                                                                                                                                                                                                                                    • Instruction ID: 3abd32ef1440be1228bf823456c372193f91af4d19fd461b37d9b463bb8c3b53
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd69e291b4fc6f872d2f22006123317c71a5d7194922dbda98e03a97dd40cd42
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C91CBF190AE0251E63A8B38E9581B82361BF45764F94C771EC3E521F0AF7CE979C244

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ReadyType_$Dict_String$DeallocItem$State_SwapThread$ErrorFatalFuncImport$AllocCapsule_DecodeFlagsImport_LocalModuleRun_Unicode_Value
                                                                                                                                                                                                                                                                    • String ID: Exception$Out of memory allocating thread state.$PyWinInterpreterState_Ensure$__builtins__$__name__$builtins$class error(Exception): def __init__(self, *args, **kw): nargs = len(args) if nargs > 0: self.winerror = args[0] else: self.winerror = None if nargs > 1: self.funcname = args[1] else: self.funcname = None if nargs > 2: self.strerror =$com_error$datetime.datetime_CAPI$error$ignore$pywintypes$pywintypes: can not setup interpreter state, as current state is invalid
                                                                                                                                                                                                                                                                    • API String ID: 3484552599-1312685011
                                                                                                                                                                                                                                                                    • Opcode ID: e0159ba88e5a1c801be6e97637d547daee22a19625dd7a0b62aed85a2cc0910d
                                                                                                                                                                                                                                                                    • Instruction ID: 706c286dd916c979dc9e6d0cbacd34eefadfdafc16b212a48424761c2a0f9739
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0159ba88e5a1c801be6e97637d547daee22a19625dd7a0b62aed85a2cc0910d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ECA1DCB190BB0282EA6A9B34E85827823A1FF45B94F54C635DD3E526B1EF3CE475C305

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$ImportImport_Module$FreeMem__wcsdup
                                                                                                                                                                                                                                                                    • String ID: <Error getting traceback - cStringIO.StringIO() failed>$<Error getting traceback - cant find cStringIO.StringIO>$<Error getting traceback - cant find getvalue function>$<Error getting traceback - cant find traceback.print_exception>$<Error getting traceback - cant import cStringIO>$<Error getting traceback - cant import traceback>$<Error getting traceback - cant make print_exception arguments>$<Error getting traceback - getvalue() did not return a string>$<Error getting traceback - getvalue() failed.>$<Error getting traceback - traceback.print_exception() failed>$<NULL!!>$Getting WCHAR string$None is not a valid string in this context$OOOOOi$Objects of type '%s' can not be converted to Unicode.$StringIO$getvalue$print_exception$traceback
                                                                                                                                                                                                                                                                    • API String ID: 2735870070-2174458333
                                                                                                                                                                                                                                                                    • Opcode ID: 5fb5c867c60d5da15cf343896854952990717c9409770200ed863035a3dfa842
                                                                                                                                                                                                                                                                    • Instruction ID: c8b1caab3d88a5ce110eb8fbca3849683d1a84dff90dcf3f928cf06c7f2393e8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fb5c867c60d5da15cf343896854952990717c9409770200ed863035a3dfa842
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0791E9B6A0BA5285FA7B9B31E85817923A0BF94B80F44C135DD2E52774EF3DE5358304

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Object_$FormatFree$Eval_MallocMemoryThreadValuemallocmemcpy$DeallocErrorInitLastLongLong_RestoreSaveString_errnomemset
                                                                                                                                                                                                                                                                    • String ID: '%s' expects %zd arguments, got %zd$'%s' expects at least %zd arguments, got %zd$a cdata function cannot be called with keyword arguments$argument %zd passed in the variadic part needs to be a cdata object (got %.200s)$cannot call null pointer pointer from cdata '%s'$cdata '%s' is not callable$int$return type is a struct/union with a varsize array member$return type is an opaque structure or union
                                                                                                                                                                                                                                                                    • API String ID: 2572910526-552399096
                                                                                                                                                                                                                                                                    • Opcode ID: 004199ff4cadcb9886dd8b6acabb45ea8d210fc74dee3ddfc69293e0bee0e620
                                                                                                                                                                                                                                                                    • Instruction ID: ada4839ab151adf68fb52d5e548e4e3b3846982bdb3939f2a6037fb30cceff0f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 004199ff4cadcb9886dd8b6acabb45ea8d210fc74dee3ddfc69293e0bee0e620
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 270294A1A0AB82D5EF2A8F35D8501BC63A4FF44B94B448175DD2D477A4DF3EE46AC320

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Unicode_$Err_$Arg_FormatParseSizeTuple_$FreeLibraryLoadMem_$CharClearErrorFromLastLengthStringWide
                                                                                                                                                                                                                                                                    • String ID: <None>$O|i:load_library$U|i:load_library$cannot call dlopen(NULL)$cannot load library '%s': %s$dlopen() takes a file name or 'void *' handle, not '%s'$dlopen(None) not supported on Windows$error 0x%x$et|i:load_library$|Oi:load_library
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetExplicitEntriesFromAclW.ADVAPI32 ref: 00007FFBAB0325F3
                                                                                                                                                                                                                                                                    • PyTuple_New.PYTHON312 ref: 00007FFBAB032621
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312 ref: 00007FFBAB0326C7
                                                                                                                                                                                                                                                                    • Py_BuildValue.PYTHON312 ref: 00007FFBAB032826
                                                                                                                                                                                                                                                                    • PyTuple_SetItem.PYTHON312 ref: 00007FFBAB03283A
                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 00007FFBAB0328AD
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C0AB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C11A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1EB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C200
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C218
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C22D
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C23C
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: BuildErr_FreeLocalTuple_$DeallocDecodeEntriesErrorExplicitFormatFromItemLastMessageObjectSizeStringUnicode_ValueValue_
                                                                                                                                                                                                                                                                    • String ID: AccessMode$AccessPermissions$GetExplicitEntriesFromAcl$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyDict_GetItem.PYTHON312 ref: 00007FFBAB008BB7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB0085A0: PyUnicode_AsUTF8.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB0085CA
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB0085A0: PyErr_SetString.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB00864A
                                                                                                                                                                                                                                                                    • PyUnicode_AsUTF8.PYTHON312 ref: 00007FFBAB008BE6
                                                                                                                                                                                                                                                                    • PyErr_Clear.PYTHON312 ref: 00007FFBAB008C23
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Unicode_$ClearDict_ItemString
                                                                                                                                                                                                                                                                    • String ID: %s.lib$__all__$__class__$__dict__$__loader__$__name__$__spec__
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Dealloc$String$BuildLongNumber_Value$ArgumentAttrCallCheckClearEval_FormatKeywordsLong_ObjectObject_OccurredSubtypeType_With_mktime64
                                                                                                                                                                                                                                                                    • String ID: (d)$Objects of type '%s' can not be used as a time object$iiiiiiiii|i$mktime argument out of range$timetuple$year out of range
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Dict_$ItemSize$CallCapsule_Eval_Object_PackThreadTuple_$Arg_Function_Keywords_Method_ParsePointerRestoreSaveThread_acquire_lockThread_allocate_lockThread_free_lockThread_release_lockTuple
                                                                                                                                                                                                                                                                    • String ID: cffi_init_once_lock$setdefault
                                                                                                                                                                                                                                                                    • API String ID: 1006512166-1600032183
                                                                                                                                                                                                                                                                    • Opcode ID: 858341202127efa7cab02a066397fc3ede4a404ace3f3f566402af7514c105a9
                                                                                                                                                                                                                                                                    • Instruction ID: 2619a45d4dff3599b5ab2aca829d5652537d01178d1313b3646dfb438f2c0aa0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 858341202127efa7cab02a066397fc3ede4a404ace3f3f566402af7514c105a9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56812DB1A0BB02A5EE278F35E86427927A1AF48B96F08C135CE2D46775DF3CE4748711
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • extern "Python": function %s() called, but %s. Returning 0., xrefs: 00007FFBAB00A2C0
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: State_$Value$Dealloc$DictErrorInterpreterLastReleaseThread_errnomalloc$ClearDict_Err_FromItemLong_Void__acrt_iob_funcfprintfmemset
                                                                                                                                                                                                                                                                    • String ID: extern "Python": function %s() called, but %s. Returning 0.
                                                                                                                                                                                                                                                                    • API String ID: 384508774-1240277920
                                                                                                                                                                                                                                                                    • Opcode ID: 2f9a5dbc2d8848ad3143bc2539c1460346e4ec552b7ab1b78c01b528994256f4
                                                                                                                                                                                                                                                                    • Instruction ID: 628d486c2854b7d89219535e90bd9893f8685721ce953fe4fc917698807cf177
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f9a5dbc2d8848ad3143bc2539c1460346e4ec552b7ab1b78c01b528994256f4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA61FBB190AB42A6EE2A9F75E42427863A0FF58B54F048535DE6E07375DF3CE4B58310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Buffer_Slice_$AdjustBufferCheckContiguousFormatIndex_IndicesNumber_Object_OccurredReleaseSsize_tStringUnpack
                                                                                                                                                                                                                                                                    • String ID: buffer assignment index out of range$buffer doesn't support slicing with step != 1$buffer indices must be integers, not %.200s$contiguous buffer expected$expected a pointer or array ctype, got '%s'$must assign a bytes of length 1, not %.200s$right operand length must match slice length
                                                                                                                                                                                                                                                                    • API String ID: 833820618-3042757970
                                                                                                                                                                                                                                                                    • Opcode ID: 8e521ecaeb4be6dde3d69ee9e7fef3339b5b12b55b5bcfae4bca9c5493f51f27
                                                                                                                                                                                                                                                                    • Instruction ID: 818a4f7ad249c4d7c103fa569889a85220a15691d548783a0aed37d9cc5d4e99
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e521ecaeb4be6dde3d69ee9e7fef3339b5b12b55b5bcfae4bca9c5493f51f27
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A9134A5B0AA42D2EE668F35E4503792364FB447A5F448232DE6D436E4DF3CE4ADD320
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Err_Sequence_String$Arg_FreeParseTuple$CheckEntriesItemKeywordsLocalMem_SizeTuple_freemallocmemset
                                                                                                                                                                                                                                                                    • String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$O:SetEntriesInAcl$Parm must be a list of EXPLICIT_ACCESS dictionaries$SetEntriesInAcl$SetEntriesInAcl: unable to allocate EXPLICIT_ACCESS_W$lllO
                                                                                                                                                                                                                                                                    • API String ID: 1438466550-1140684800
                                                                                                                                                                                                                                                                    • Opcode ID: 61683f0335259351e18ceb0c0b5e7f1567f179fc215418459869264315bb2b13
                                                                                                                                                                                                                                                                    • Instruction ID: 83bb6c511eaf0f130981cf4014d7f4a7075631d87fa1b78cd9df11515772cb94
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61683f0335259351e18ceb0c0b5e7f1567f179fc215418459869264315bb2b13
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C98161B2B0AB4285EA269F31E44827A63A0FF85B84F548035DE5E57774EF3CE465C704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_String$Buffer_FormatFromRelease$Arg_BufferCharFreeMem_Object_ParseProgReferenceTupleUnicode_Widemalloc
                                                                                                                                                                                                                                                                    • String ID: <NULL!!>$Buffer cannot be None$Buffer length can be at most %d characters$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$O|i$string too small - must be at least %d bytes (got %d)
                                                                                                                                                                                                                                                                    • API String ID: 4105764891-2902820477
                                                                                                                                                                                                                                                                    • Opcode ID: cda41e970d2cb967eed48b9acbb4b0512a05b68967e54b43242f7ce9b0349404
                                                                                                                                                                                                                                                                    • Instruction ID: 61d4842499bdb26b7a95e48b6f07a28412afd968c2090423fa5d2b92655443f2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cda41e970d2cb967eed48b9acbb4b0512a05b68967e54b43242f7ce9b0349404
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E810EB6B1AB0289FB66CF35E8581B823A1FB84B88F449435DD1E52674EF3CE564C304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$strncmp$BuildErr_FormatSizeValue_$ErrorFatalFuncList_
                                                                                                                                                                                                                                                                    • String ID: %s: %s%s%s (cdef says %zd, but C compiler says %zd). fix it or use "...;" as the last field in the cdef for %s to make it flexible$(OOOnii)$(sOin)$do_realize_lazy_struct$enum $field op=%d$lost a struct/union!$struct $union $wrong size for field '
                                                                                                                                                                                                                                                                    • API String ID: 1048173794-2709940433
                                                                                                                                                                                                                                                                    • Opcode ID: f49877a4c80114b4825c045b54e03696b87cdbfaeaae26ff6c441478c10d9125
                                                                                                                                                                                                                                                                    • Instruction ID: c57a187f0e88f8a45e45c808ba2f3f2dbb46197c91d8a482813adf77dbc5f99e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f49877a4c80114b4825c045b54e03696b87cdbfaeaae26ff6c441478c10d9125
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BFC181B2A0AA4295EF268F35E46427937A1FB55BA4F448231DE7D437A4DF3CD165C300
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$DescriptorSecurity$String$Arg_Buffer_ParseReleaseTuplefreemalloc$BufferClearControlDeallocFormatInitializeLengthObject_OccurredReferenceValid
                                                                                                                                                                                                                                                                    • String ID: Buffer cannot be None$Buffer length can be at most %d characters$Data is not a valid security descriptor$O:SECURITY_DESCRIPTOR$Security descriptor created from a buffer must be self relative$Security descriptors are not supported on this platform$|l:SECURITY_DESCRIPTOR
                                                                                                                                                                                                                                                                    • API String ID: 929864077-2729865943
                                                                                                                                                                                                                                                                    • Opcode ID: 6f654bcaa8df546f42f247dd2c27e07188fcf06852b0229ff566bc066e8a319f
                                                                                                                                                                                                                                                                    • Instruction ID: d4e0603a15e5db9446a6dd16bca6f3f67ec7efa8d3ffb147bfe875b8f86d4657
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f654bcaa8df546f42f247dd2c27e07188fcf06852b0229ff566bc066e8a319f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 635170B2A0AB4285EABA9F35E9586792761FF84B80F44D031DD6E53671EF3CE465C300
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Object_$Dealloc$AttrString$Capsule_Err_$CallClearDescriptorErrnoFileFromMethod_PointerSizeUnicode__close_dup_fdopenfclosesetbuf
                                                                                                                                                                                                                                                                    • String ID: FILE$__cffi_FILE$flush$mode
                                                                                                                                                                                                                                                                    • API String ID: 893206650-3531628309
                                                                                                                                                                                                                                                                    • Opcode ID: ea159cc7a083acafad478ec51a746df617d6a5094d745ea694b14cbf8eb416dc
                                                                                                                                                                                                                                                                    • Instruction ID: 39f64013d331a24bfff4e134ce4c8dfd5d750ac70360a7ee2247cab5e738a45e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea159cc7a083acafad478ec51a746df617d6a5094d745ea694b14cbf8eb416dc
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76410FE1A0EB03D1EE2B9B35E82427C23A5AF45B95F448175CD1E82774DF3DE46A8321
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AbsoluteErr_FormatMakemallocmemset
                                                                                                                                                                                                                                                                    • String ID: ($MakeAbsoluteSD$Unable to allocate %d bytes
                                                                                                                                                                                                                                                                    • API String ID: 1436552674-2130869594
                                                                                                                                                                                                                                                                    • Opcode ID: e9e880d134da8da5eea3fd779c7919a1fed72d2f02bb0726c0d88128c0315eeb
                                                                                                                                                                                                                                                                    • Instruction ID: 1a8facd71ed644974153d038fb32e931c6c316cf8ad88399b0d6a7bd32f042ed
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9e880d134da8da5eea3fd779c7919a1fed72d2f02bb0726c0d88128c0315eeb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B281A172B0AB428AEB668F71E8546B937A4FB48B94F048035DD6D93B64EF3CD464C704
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: BuildErr_StringValue$CharFromUnicode_Wide
                                                                                                                                                                                                                                                                    • String ID: AccessMode$AccessPermissions$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                                                    • API String ID: 4150572817-4268317626
                                                                                                                                                                                                                                                                    • Opcode ID: 4d186b5e9dc2c61247186536ffd7d2019c2e2360de785c2d6a2c767b29aa4ea3
                                                                                                                                                                                                                                                                    • Instruction ID: 3a196b8a524a5dff86c62f31e89ff7a96bc7923a32aba826ae9cb3906f7193fd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d186b5e9dc2c61247186536ffd7d2019c2e2360de785c2d6a2c767b29aa4ea3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED516DB2A4AB468AE7768F25E84416937A0FB88B50F10C136DE6E43774EF3CE465C700
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dict_Err_Module_Object$ItemString$Create2DeallocFormatLong_MallocMem_MemoryObject_OccurredSys_Voidmemcpy
                                                                                                                                                                                                                                                                    • String ID: .lib$1.16.0$cffi extension module '%s' uses an unknown version tag %p. This module might need a more recent version of cffi than the one currently installed, which is %s$ffi$lib$modules
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Format$AccessAuditObjectfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
                                                                                                                                                                                                                                                                    • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessObjectAce$AddAuditAccessObjectAce not supported by this version of Windows$AddAuditAccessObjectAce: unable to allocated %d bytes$PyACL::AddAuditAccessObjectAce$The object is not a PySID object$lllOOOii:AddAuditAccessObjectAce
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Arg_FormatParseStringTuple
                                                                                                                                                                                                                                                                    • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAceEx$AddAuditAccessAceEx not supported by this version of Windows$AddAuditAccessAceEx: unable to allocated %d bytes$PyACL::AddAuditAccessAceEx$The object is not a PySID object$lllOii:AddAuditAccessAceEx
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: State_Thread$StateThisValue$ClearDeallocDeleteDictDict_EnsureErrorEval_FatalFuncItemObject_RestoreStringThread_acquire_lockThread_release_lockUncheckedmalloc
                                                                                                                                                                                                                                                                    • String ID: cffi.thread.canary$cffi: invalid ThreadCanaryObj->tstate$thread_canary_free_zombies
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_Err_ParseSizeStringTuple_
                                                                                                                                                                                                                                                                    • String ID: enumerators must be a list of strings$expected a primitive signed or unsigned base type$sO!O!O!:new_enum_type$tuple args must have the same size
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Long$Err_Long_Occurred
                                                                                                                                                                                                                                                                    • String ID: read_raw_unsigned_data$read_raw_unsigned_data: bad integer size$value %s outside the range allowed by the bit field width: %s <= x <= %s
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Buffer_$Release$Err_$BufferContiguousFormatObject_String$Arg_Keywords_ParseSizeTuplememmove
                                                                                                                                                                                                                                                                    • String ID: OOn$contiguous buffer expected$expected a pointer or array ctype, got '%s'$negative size
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$DeallocFormatString$CharFreeMem_Sequence_TupleUnicode_Widefreemallocmemset
                                                                                                                                                                                                                                                                    • String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Sequence can contain at most %d items$Unable to allocate %d bytes
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$AccessAuditFormatfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
                                                                                                                                                                                                                                                                    • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAce$AddAuditAccessAce: unable to allocated %d bytes$PyACL::AddAuditAccessAce$The object is not a PySID object$llOii:AddAuditAccessAce
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • ctype '%s' has size 0, xrefs: 00007FFBAAFFA739
                                                                                                                                                                                                                                                                    • argument, xrefs: 00007FFBAAFFA6C7
                                                                                                                                                                                                                                                                    • It is a struct with a zero-length array, which libffi does not support, xrefs: 00007FFBAAFFA83B
                                                                                                                                                                                                                                                                    • ctype '%s' not supported as %s. %s. Such structs are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument), xrefs: 00007FFBAAFFA85B
                                                                                                                                                                                                                                                                    • ctype '%s' (size %zd) not supported as %s%s, xrefs: 00007FFBAAFFA9A0
                                                                                                                                                                                                                                                                    • ctype '%s' has incomplete type, xrefs: 00007FFBAAFFA732
                                                                                                                                                                                                                                                                    • ctype '%s' not supported as %s by libffi. Unions are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument), xrefs: 00007FFBAAFFA967
                                                                                                                                                                                                                                                                    • It is a struct declared with "...;", but the C calling convention may depend on the missing fields; or, it contains anonymous struct/unions, xrefs: 00007FFBAAFFA79C
                                                                                                                                                                                                                                                                    • It is a 'packed' structure, with a different layout than expected by libffi, xrefs: 00007FFBAAFFA7AE
                                                                                                                                                                                                                                                                    • It is a struct with bit fields, which libffi does not support, xrefs: 00007FFBAAFFA844
                                                                                                                                                                                                                                                                    • return value, xrefs: 00007FFBAAFFA6C0
                                                                                                                                                                                                                                                                    • (the support for complex types inside libffi is mostly missing at this point, so CFFI only supports complex types as arguments or return value in API-mode functions), xrefs: 00007FFBAAFFA995
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: (the support for complex types inside libffi is mostly missing at this point, so CFFI only supports complex types as arguments or return value in API-mode functions)$It is a 'packed' structure, with a different layout than expected by libffi$It is a struct declared with "...;", but the C calling convention may depend on the missing fields; or, it contains anonymous struct/unions$It is a struct with a zero-length array, which libffi does not support$It is a struct with bit fields, which libffi does not support$argument$ctype '%s' (size %zd) not supported as %s%s$ctype '%s' has incomplete type$ctype '%s' has size 0$ctype '%s' not supported as %s by libffi. Unions are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument)$ctype '%s' not supported as %s. %s. Such structs are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument)$return value
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: free$DescriptorSecurity$Err_Group$Arg_DaclFormatOwnerParseSaclStringTupleValidmalloc
                                                                                                                                                                                                                                                                    • String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorGroup$SetSecurityDescriptorGroup - invalid sid$The object is not a PySID object
                                                                                                                                                                                                                                                                    • API String ID: 1524979833-2851344522
                                                                                                                                                                                                                                                                    • Opcode ID: 9f9b1e1cbeb73acd82663894f1a7e5a2444669f7bc6680b719a6a31e5c7f3ed6
                                                                                                                                                                                                                                                                    • Instruction ID: 42d17d022dfd1e3512cf31d58b5aab67c9a45dfb89e7af8659ad565915b2bf31
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f9b1e1cbeb73acd82663894f1a7e5a2444669f7bc6680b719a6a31e5c7f3ed6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1515FA6B0A70296FB6A8F71D8041BA2B64BF44B88F448476DD2D53A74EF3CE465C304
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dict_ItemString$DeallocErr_Object_$ExceptionFormatFromLongLong_Track
                                                                                                                                                                                                                                                                    • String ID: CData$CType$NULL$buffer$error$ffi.error$prim=%d
                                                                                                                                                                                                                                                                    • API String ID: 1491126023-3260522243
                                                                                                                                                                                                                                                                    • Opcode ID: a07ecf93c7fc1df0ba92e52b5944c9f73687566bd727b181e9303226523499b5
                                                                                                                                                                                                                                                                    • Instruction ID: e6f86af0a36f3852556daa92e90375daf7e3f4b6888c2ce23890e6f80c892f67
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a07ecf93c7fc1df0ba92e52b5944c9f73687566bd727b181e9303226523499b5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A061E7E1E0BA4399FF2A9B35F86027823A0AF44B94F449136DD2E462B0DF7DE465C310
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: String$Err_$CharUnicode_Wide
                                                                                                                                                                                                                                                                    • String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$DeviceName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                                                    • API String ID: 3849944921-3701856451
                                                                                                                                                                                                                                                                    • Opcode ID: 7ea5646d6b80bd89ae1ee9a082443ed9e2ebac4530fa64dd982fa5363be63c70
                                                                                                                                                                                                                                                                    • Instruction ID: dfa16f1d17b71c877af54273464d1156f7613bd48984d2fe9f65bfbcdfd7ef0f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ea5646d6b80bd89ae1ee9a082443ed9e2ebac4530fa64dd982fa5363be63c70
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A4181B2E1AB4285EA7ACF35E4941796360FF84B94F109131DE6E47675EF2CE4A4C700
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: String$Err_$CharUnicode_Wide
                                                                                                                                                                                                                                                                    • String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$FormName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                                                    • API String ID: 3849944921-358745228
                                                                                                                                                                                                                                                                    • Opcode ID: 1e2feec65036cf88bce28d36404236980f567f99f77ede5303f43bdc515e198d
                                                                                                                                                                                                                                                                    • Instruction ID: 2a7c4741b53825f82ccc7700ee48013a4f3ce42f9f061ebb6972a6409d0726d0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e2feec65036cf88bce28d36404236980f567f99f77ede5303f43bdc515e198d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62415FB6A1AB4285EA7ACF35E4941792360FF85B84F10D131DE6E4B674EF2CE4A5C300
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_String$CharClearFreeMem_Unicode_Wide
                                                                                                                                                                                                                                                                    • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Only strings and iids can be converted to a CLSID.$value is larger than a DWORD
                                                                                                                                                                                                                                                                    • API String ID: 443722841-2914159855
                                                                                                                                                                                                                                                                    • Opcode ID: 4a4796656935d043cec4a38253bfaec0730b2e87b38c15c541f6476bdc834749
                                                                                                                                                                                                                                                                    • Instruction ID: 9ebb5a7b4d4f2e59bd1d8e296bfabd1bc4c081585c0a1f944dd5c780cea2ca83
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a4796656935d043cec4a38253bfaec0730b2e87b38c15c541f6476bdc834749
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 304128B2B0AB4286FA6A8B35E4581792360FF88B94F44C131DD6E97774EF6CE4648704
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • %s: callback with unsupported argument or return type or with '...', xrefs: 00007FFBAAFFBE7E
                                                                                                                                                                                                                                                                    • Cannot allocate write+execute memory for ffi.callback(). You might be running on a system that prevents this. For more information, see https://cffi.readthedocs.io/en/latest/using.html#callbacks, xrefs: 00007FFBAAFFBDED
                                                                                                                                                                                                                                                                    • FFI_TRAMPOLINE_SIZE too small in src/c/libffi_x86_x64\ffi.c, xrefs: 00007FFBAAFFBF7C
                                                                                                                                                                                                                                                                    • O!O|OO:callback, xrefs: 00007FFBAAFFBC92
                                                                                                                                                                                                                                                                    • libffi failed to build this callback, xrefs: 00007FFBAAFFBFDA
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Dealloc$FormatObject_String$AllocArg_ErrorFatalInfoParseSizeSystemTrackTuple_Virtual
                                                                                                                                                                                                                                                                    • String ID: %s: callback with unsupported argument or return type or with '...'$Cannot allocate write+execute memory for ffi.callback(). You might be running on a system that prevents this. For more information, see https://cffi.readthedocs.io/en/latest/using.html#callbacks$FFI_TRAMPOLINE_SIZE too small in src/c/libffi_x86_x64\ffi.c$O!O|OO:callback$libffi failed to build this callback
                                                                                                                                                                                                                                                                    • API String ID: 1427098410-3680541158
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Err_$Arg_AttrDict_FormatFromItemLong_MemoryObject_ParseSizeStringTuple_Unicode_Void
                                                                                                                                                                                                                                                                    • String ID: OzOO$__name__$ffi.def_extern('%s'): no 'extern "Python"' function with this name
                                                                                                                                                                                                                                                                    • API String ID: 75418018-1717190264
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Dealloc$FetchRestoreUnicode_$ArgsCallClearFormatFromFunctionObject_UnraisableWrite
                                                                                                                                                                                                                                                                    • String ID: %c%s%R%s$%c%s%s$rom callback for ffi.gc
                                                                                                                                                                                                                                                                    • API String ID: 2923111776-761869168
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DescriptorSecurityfree$Err_SaclString$Arg_DaclGroupLengthOwnerParseTupleValid
                                                                                                                                                                                                                                                                    • String ID: SetSecurityDescriptorSacl$The object is not a PyACL object$iOi:SetSacl
                                                                                                                                                                                                                                                                    • API String ID: 1467358711-1973599164
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DescriptorSecurityfree$Err_OwnerString$Arg_DaclGroupLengthParseSaclTupleValid
                                                                                                                                                                                                                                                                    • String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorOwner$The object is not a PySID object
                                                                                                                                                                                                                                                                    • API String ID: 965136164-2833774516
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
                                                                                                                                                                                                                                                                    • String ID: Identifier must be PySID object when TrusteeForm = TRUSTEE_IS_SID$Identifier must be string/unicode when TrusteeForm = TRUSTEE_IS_NAME$Invalid value for TrusteeForm$The object is not a PySID object$Trustee must be a dictionary containing {MultipleTrustee,MultipleTrusteeOperation,TrusteeForm,TrusteeType,Identifier}$TrusteeForm not yet supported$llO|Ol
                                                                                                                                                                                                                                                                    • API String ID: 959004690-581804069
                                                                                                                                                                                                                                                                    • Opcode ID: c4c0ce628861c8fec1ceac88b97acf6f7d34d5cf582ff69800a3f1226fa9a1b6
                                                                                                                                                                                                                                                                    • Instruction ID: c4d333e65427fbc835b69b12b5f78c5002a676ff2c9ec1513419e1c280afc94a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4c0ce628861c8fec1ceac88b97acf6f7d34d5cf582ff69800a3f1226fa9a1b6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 635108B260AA4295EB368F25E48416977A4FB88B84F50C035CE6E47775EF3CE568C704
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Buffer_ClearFormatFreeMem_ReleaseString$BufferCharLong_Object_OccurredUnicode_VoidWide
                                                                                                                                                                                                                                                                    • String ID: Buffer cannot be None$Buffer length can be at most %d characters$WPARAM must be a unicode string, int, or buffer object (got %s)
                                                                                                                                                                                                                                                                    • API String ID: 3109676845-3026970096
                                                                                                                                                                                                                                                                    • Opcode ID: c0d59195eee20e608be03f930a8afed0d4afed418b1253203d241cab4f1e62ee
                                                                                                                                                                                                                                                                    • Instruction ID: 28561efa9c2510d1f15431c1404e332226a56f727640f8c00cc1f55b53437c96
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0d59195eee20e608be03f930a8afed0d4afed418b1253203d241cab4f1e62ee
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87510EB6A0AB4285EB768F35E45423963A0EF84B94F458031DE6E93774EF3DE4A4C304
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_String$BuildCharFromUnicode_ValueWide
                                                                                                                                                                                                                                                                    • String ID: Identifier$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                                                    • API String ID: 2305401427-1816636059
                                                                                                                                                                                                                                                                    • Opcode ID: 257fee3f03db89f1de94a1dcf2e0eae39d905db714e31581683085fd8502cec9
                                                                                                                                                                                                                                                                    • Instruction ID: 0224c0b9fa67a64fdd0e58cd5e16bf54f428afed6d4551e9791bfcaf23ecb853
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 257fee3f03db89f1de94a1dcf2e0eae39d905db714e31581683085fd8502cec9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E416FB2A0AA4699E7768F25F84426973A0FB94B90F14C135CE7E53774EF3CE4658700
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$DeallocFormatOccurred$IterLong_Object_Ssize_tStringSubtypeType_memcpymemmove
                                                                                                                                                                                                                                                                    • String ID: got more than %zd values to unpack$need %zd values to unpack, got %zd$need a string of length %zd, got %zd
                                                                                                                                                                                                                                                                    • API String ID: 149633512-281290674
                                                                                                                                                                                                                                                                    • Opcode ID: c93fd76e10ec568930735dded4fa893e891681db7a779c4936b8f81ff64a8fee
                                                                                                                                                                                                                                                                    • Instruction ID: 47789c5ad8029d9d2e37be325355de6b43b91b841137c037fc4b4011755cadcb
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c93fd76e10ec568930735dded4fa893e891681db7a779c4936b8f81ff64a8fee
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6371B7E1A0A682D1EE6A9F35D81027C63A4BF44B88F444079DD1D937B4EF3DE45AC320
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AttrGenericObject_
                                                                                                                                                                                                                                                                    • String ID: cdata '%s' has no attribute '%s'$cdata '%s' has no field '%s'$cdata '%s' points to an opaque type: cannot read fields$read_raw_signed_data$read_raw_signed_data: bad integer size$read_raw_unsigned_data$read_raw_unsigned_data: bad integer size
                                                                                                                                                                                                                                                                    • API String ID: 3652601395-836776902
                                                                                                                                                                                                                                                                    • Opcode ID: ffad2c4d2b61c59a13c087e4f2ce7ada42b3e4de94935a0529020c5baa34010d
                                                                                                                                                                                                                                                                    • Instruction ID: e39628c54a96ca2cf75938ea2500c57d1a8115815eed02fa454413c712d1d19b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ffad2c4d2b61c59a13c087e4f2ce7ada42b3e4de94935a0529020c5baa34010d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C851D8E1E0A6C2D1EAAE8B31DC5017C6368EF51B84F10417ADE5E47395DE2EE41A8320
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Authority$CountErrorIdentifierLastValid
                                                                                                                                                                                                                                                                    • String ID: %lu$-%lu$0x%02hx%02hx%02hx%02hx%02hx%02hx$S-%lu-
                                                                                                                                                                                                                                                                    • API String ID: 228009767-531523367
                                                                                                                                                                                                                                                                    • Opcode ID: b339956fccc20c37dc137844cdfb54516e25dbc4dbc000efbe68bd1d43e75f9a
                                                                                                                                                                                                                                                                    • Instruction ID: 784b4488b3d7acbda9cee854dde7c15dd80c39928955461c4cd3b2fa5e1577bf
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b339956fccc20c37dc137844cdfb54516e25dbc4dbc000efbe68bd1d43e75f9a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA51AFB3A096D186D7668F25E8542797BA0FB85B85F048135DEAE43774EF3CD4A8CB00
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
                                                                                                                                                                                                                                                                    • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                                                    • API String ID: 1531658785-4125661472
                                                                                                                                                                                                                                                                    • Opcode ID: 66ce21fda171c5b8bf048c3557db498c30436750ed0329add0b3282728a1211c
                                                                                                                                                                                                                                                                    • Instruction ID: 6f85469425fa73cb9f1a26f8d294dd81cc018ac1b4e721f2ec633baa5ab0a47a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66ce21fda171c5b8bf048c3557db498c30436750ed0329add0b3282728a1211c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD4151B2A0BB8285EA6A8F65E5482797360BF84B80F44C131DE6E13774EF3CE424C704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
                                                                                                                                                                                                                                                                    • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                                                    • API String ID: 1531658785-4125661472
                                                                                                                                                                                                                                                                    • Opcode ID: 8f9c573c28dfd467008a411df4f1904d4481c3806688cbfaab18af106475a5a8
                                                                                                                                                                                                                                                                    • Instruction ID: 5fb973d433b76df09003395eacf48c0a440381459d3a592be32f823917d15265
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f9c573c28dfd467008a411df4f1904d4481c3806688cbfaab18af106475a5a8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B4100B2A1AB8285FA6ACF25E4482797360BF84B80F448535DD6E537B5EF3CE425C704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CheckErr_Mapping_String
                                                                                                                                                                                                                                                                    • String ID: Object must be a mapping (dictionary, class instance, etc$__dict__
                                                                                                                                                                                                                                                                    • API String ID: 1486305882-910247860
                                                                                                                                                                                                                                                                    • Opcode ID: 612e479974e9f190fc4ca7c05ebc1e853e37b3b18ce9a82dd099f0befac20253
                                                                                                                                                                                                                                                                    • Instruction ID: 444e889251943c7dcec25586ff1c1efb3b2ce5e32d9ece1c8ee7162dc5d95790
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 612e479974e9f190fc4ca7c05ebc1e853e37b3b18ce9a82dd099f0befac20253
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C313571A0BA4286EA6A9B36E84413963A0FF89F95F08D034DD5F17774EF3CD4A59304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312 ref: 00007FFBAB033046
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312 ref: 00007FFBAB0330AD
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00007FFBAB033114
                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32 ref: 00007FFBAB033130
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312 ref: 00007FFBAB03315B
                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBAB03316B
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312 ref: 00007FFBAB033190
                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140 ref: 00007FFBAB0331A3
                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140 ref: 00007FFBAB0331B3
                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBAB033218
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C0AB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C11A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1EB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C200
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C218
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C22D
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C23C
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Format$ErrorLast$BuildDeallocDecodeFreeLengthLocalMessageObjectSizeStringUnicode_Value_freemallocmemcpymemset
                                                                                                                                                                                                                                                                    • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                                                    • API String ID: 4156918035-1709335586
                                                                                                                                                                                                                                                                    • Opcode ID: 308fc0bfe6fe7bda254db686d5e7a50097f48a6ab125105c17bb65d5ddd64eb2
                                                                                                                                                                                                                                                                    • Instruction ID: 0de228eed5cacb06b64aabf958c33e0602721c0ca635c2d97f33fdba40011bd0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 308fc0bfe6fe7bda254db686d5e7a50097f48a6ab125105c17bb65d5ddd64eb2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B16197B2A0EA4281E6369B32E89427A63A0FF84BC4F509031DD6E47B75EF3CD4658704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • expected a pointer or array ctype, got '%s', xrefs: 00007FFBAAFFD6B1
                                                                                                                                                                                                                                                                    • from_buffer() cannot return the address of a unicode object, xrefs: 00007FFBAAFFD6DF
                                                                                                                                                                                                                                                                    • from_buffer('%s', ..): the actual length of the array cannot be computed, xrefs: 00007FFBAAFFD7F5
                                                                                                                                                                                                                                                                    • buffer is too small (%zd bytes) for '%s' (%zd bytes), xrefs: 00007FFBAAFFD78C
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$FormatString
                                                                                                                                                                                                                                                                    • String ID: buffer is too small (%zd bytes) for '%s' (%zd bytes)$expected a pointer or array ctype, got '%s'$from_buffer('%s', ..): the actual length of the array cannot be computed$from_buffer() cannot return the address of a unicode object
                                                                                                                                                                                                                                                                    • API String ID: 4212644371-2010142110
                                                                                                                                                                                                                                                                    • Opcode ID: ed89c74de89fc3dbda2aeb403a9b900ed601052ccc3c6e607f7b8b6d4a045a18
                                                                                                                                                                                                                                                                    • Instruction ID: c2d7702a9ba29972d465001e579ad89f80dada16dd6a404e8ae4f7b7f4c89ce9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed89c74de89fc3dbda2aeb403a9b900ed601052ccc3c6e607f7b8b6d4a045a18
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 175160A1A0AA42D6EB268F35E45027D23A4FB48FC8F444572DE5D87764DF3DE46AC310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$FormatLong_OccurredSsize_t$String
                                                                                                                                                                                                                                                                    • String ID: cdata of type '%s' cannot be indexed$index too large (expected %zd <= %zd)$negative index$slice start > stop$slice start must be specified$slice stop must be specified$slice with step not supported
                                                                                                                                                                                                                                                                    • API String ID: 564475518-3973974439
                                                                                                                                                                                                                                                                    • Opcode ID: f8cc392c5455b5ecb4282149eccd3fe705701257680f47cc1a3ae1e64568e2a2
                                                                                                                                                                                                                                                                    • Instruction ID: fe520c8aefc261db1d2f792132a42eb1e96c407f9e05dd35069be17986c050b4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8cc392c5455b5ecb4282149eccd3fe705701257680f47cc1a3ae1e64568e2a2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7841B8A0E0BA42D1EE668F75E85007CA364FB44B94F408679DD2D837E4DF3DE46A8320
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Long$FromLong_Unsigned$BuildSizeValue_
                                                                                                                                                                                                                                                                    • String ID: OtherOperationCount$OtherTransferCount$ReadOperationCount$ReadTransferCount$WriteOperationCount$WriteTransferCount${s:N,s:N,s:N,s:N,s:N,s:N}
                                                                                                                                                                                                                                                                    • API String ID: 3939590852-408589094
                                                                                                                                                                                                                                                                    • Opcode ID: c98b3276037aab841400b000af896ada310c42ae489b673823bfa69c289be3b2
                                                                                                                                                                                                                                                                    • Instruction ID: 43b8c348f5206d4d488f56af6e13fc2d5a38acfdde4795fbaafe04006a8215be
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c98b3276037aab841400b000af896ada310c42ae489b673823bfa69c289be3b2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF210576A0AF4685D625CF21F84446A73B8FB88B91B518136EEAE43734EF3CD165CB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dict_Err_FormatItem$DeallocUnicode_
                                                                                                                                                                                                                                                                    • String ID: or $cdata object$ctype object$expected a %s%s%s%s%s, got '%.200s'$string$the type '%s%s' is a function type, not a pointer-to-function type$unexpected symbol
                                                                                                                                                                                                                                                                    • API String ID: 3047486896-3137146848
                                                                                                                                                                                                                                                                    • Opcode ID: f08f0bf7be27eab3f00e1bccdfe456a648122da6d3620153f4234f4f7ffe1bd2
                                                                                                                                                                                                                                                                    • Instruction ID: b306da2e6c31c08dd87c187b6221f227c6bcda8c214fe06c5af9a25025798cd8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f08f0bf7be27eab3f00e1bccdfe456a648122da6d3620153f4234f4f7ffe1bd2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 978161A1A0AB82A5EF66CB21E4602B973A6FB45B84F44C036DE6D43774DF3CE564C340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyUnicode_AsUTF8.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB0085CA
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB00864A
                                                                                                                                                                                                                                                                    • PyDict_GetItem.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB00867F
                                                                                                                                                                                                                                                                    • PyTuple_GetItem.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB0086B7
                                                                                                                                                                                                                                                                    • PyErr_Occurred.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB0086E0
                                                                                                                                                                                                                                                                    • PyUnicode_AsUTF8.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB008740
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB00875D
                                                                                                                                                                                                                                                                    • PyDict_SetItem.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB008A25
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB008A3B
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB008A5B
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Item$Dict_FormatUnicode_$DeallocOccurredStringTuple_
                                                                                                                                                                                                                                                                    • String ID: cffi library '%.200s' has no function, constant or global variable named '%.200s'$in lib_build_attr: op=%d$recursion overflow in ffi.include() delegations
                                                                                                                                                                                                                                                                    • API String ID: 3583525245-1263113588
                                                                                                                                                                                                                                                                    • Opcode ID: dc47f1c57c4c3345464a3b157b8736e8e95132726a6e71f5480cf8bc98f0e43a
                                                                                                                                                                                                                                                                    • Instruction ID: f82edd69c4afae79729123fa16373405c60e1d67a7d543f2cdf4da47b9604524
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc47f1c57c4c3345464a3b157b8736e8e95132726a6e71f5480cf8bc98f0e43a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C51A8A2A0A742A5EE768B21D46427A6BA0FF45FD4F44C131CE2D47B64EF3CE5759300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$FormatString
                                                                                                                                                                                                                                                                    • String ID: $[%llu]$array item of unknown size: '%s'$array size would overflow a Py_ssize_t$first arg must be a pointer ctype
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_String
                                                                                                                                                                                                                                                                    • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_String
                                                                                                                                                                                                                                                                    • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$AttrObject_StringTuple_$Err_FormatImportImport_ModuleSubtypeType_
                                                                                                                                                                                                                                                                    • String ID: ffi$lib$while loading %.200s: failed to import ffi, lib from %.200s
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$DeallocFormatSequence_StringTuple
                                                                                                                                                                                                                                                                    • String ID: Sequence can contain at most %d items$Sequence of dwords cannot be None$Unable to allocate %d bytes
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_Err_Keywords_MemoryParseSizeTupleValuemalloc
                                                                                                                                                                                                                                                                    • String ID: (iO)$Windows Error 0x%X
                                                                                                                                                                                                                                                                    • API String ID: 4153797932-3802556843
                                                                                                                                                                                                                                                                    • Opcode ID: 0c8e7fed103865a9da063e96b04b3f8056392c2eeee03d6b7346da1d5b933f86
                                                                                                                                                                                                                                                                    • Instruction ID: 6231f8cac351e92cc5113a1e7a696ff7d0eb3fcc09b40dc7b4b0057038adba49
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c8e7fed103865a9da063e96b04b3f8056392c2eeee03d6b7346da1d5b933f86
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6415FA2A0AB4682EF268B35E41017973A1FF94BD0F544231DE5D46B74EF3DE4A98B10
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • IsValidSecurityDescriptor.ADVAPI32(?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB037780
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312(?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03779B
                                                                                                                                                                                                                                                                    • GetSecurityDescriptorLength.ADVAPI32(?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB0377B6
                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB0377C4
                                                                                                                                                                                                                                                                    • MakeSelfRelativeSD.ADVAPI32(?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB0377DD
                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB0377EE
                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB0377FE
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312(?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB037822
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DescriptorErr_Securitymalloc$FormatLengthMakeRelativeSelfStringValidfree
                                                                                                                                                                                                                                                                    • String ID: Invalid Security descriptor$MakeSelfRelativeSD$Unable to allocate %d bytes
                                                                                                                                                                                                                                                                    • API String ID: 1101611553-2210018374
                                                                                                                                                                                                                                                                    • Opcode ID: cdd9a8532c88bff841c07cfd6c696265eb762b888d14b7727aee3e3aa6988e8e
                                                                                                                                                                                                                                                                    • Instruction ID: fb574c8c9639f9ff2ca7ce51f9d5edd8a64422d8ec009536f220d749ccab51f1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cdd9a8532c88bff841c07cfd6c696265eb762b888d14b7727aee3e3aa6988e8e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA3150B2B1AA4182EBA68B35F45426923A0FB88B84F448031DE6E97775EF3CD465C704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: LongLong_
                                                                                                                                                                                                                                                                    • String ID: int() not supported on cdata '%s'$read_raw_float_data$read_raw_float_data: bad float size$read_raw_signed_data$read_raw_signed_data: bad integer size
                                                                                                                                                                                                                                                                    • API String ID: 1954241474-3524632987
                                                                                                                                                                                                                                                                    • Opcode ID: 8156c03ea262210107a65f87886e743e96781c3b08e2bd21cb6c51be280090ed
                                                                                                                                                                                                                                                                    • Instruction ID: ebb08a5c992ab0a56e976351eb0477f283b4fb3caf8ca1b5aba2b146e28b0b18
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8156c03ea262210107a65f87886e743e96781c3b08e2bd21cb6c51be280090ed
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 895195B5E0AA02D2EF5A8B35D59013C23A5FB85B94F548176CE1D433B4DE3DE4A6C720
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Formatmalloc
                                                                                                                                                                                                                                                                    • String ID: Ace type %d is not supported yet$Error reordering ACL: Unable to allocate acl of size %d$ReorderACL
                                                                                                                                                                                                                                                                    • API String ID: 1659041409-545600788
                                                                                                                                                                                                                                                                    • Opcode ID: c18d9d8ae7d97ae56a7e08c44d8be784a2ee1578bc8d9adb9b86b188d5208fff
                                                                                                                                                                                                                                                                    • Instruction ID: ee28869375426778ee3e17f32123f58216130d1881a225f74e753f87c35fcddd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c18d9d8ae7d97ae56a7e08c44d8be784a2ee1578bc8d9adb9b86b188d5208fff
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6051C3B2A0D69281E6718F32E44427A77A0FB8AB80F44C035DDAD93764DE3CE065D704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocErr_Object_$CallFormatFunction_InitSizeStringcallocmallocmemset
                                                                                                                                                                                                                                                                    • String ID: alloc() must return a cdata object (got %.200s)$alloc() must return a cdata pointer, not '%s'$alloc() returned NULL
                                                                                                                                                                                                                                                                    • API String ID: 4240332552-2229446564
                                                                                                                                                                                                                                                                    • Opcode ID: 7a8470d5682ceb511887bc05f59cc4d13425495b1905829d10a2987ff6e73cc1
                                                                                                                                                                                                                                                                    • Instruction ID: 15336f178600c3af60b979c395fbc39975a2f31adf76a542bb958733ed2448fe
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a8470d5682ceb511887bc05f59cc4d13425495b1905829d10a2987ff6e73cc1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F51B4E1A0AB42D5EB2A8F31E85027873A5FB44B80F448071DE5D837A4DF3EE469C360
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocErr_StringUnicode_
                                                                                                                                                                                                                                                                    • String ID: Internal$InternalHigh$The object is not a PyHANDLE object$can't delete OVERLAPPED attributes$hEvent
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Callable_CheckDeallocSize$BuildBytes_Err_FormatFromStringValue_memset
                                                                                                                                                                                                                                                                    • String ID: OOOO$expected a callable object for 'onerror', not %.200s$expected a callable object, not %.200s$expected a function ctype, got '%s'
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Unicode_$From$Format$DeallocString
                                                                                                                                                                                                                                                                    • String ID: %LE$<cdata '%s%s' %s>$NULL$sliced length %zd
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_String$FormatUnicode_
                                                                                                                                                                                                                                                                    • String ID: Expected 'bytes', got '%s'$None is not a valid string in this context$value is larger than a DWORD
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: String$Err_$FreeMem_$AllocCharFormatUnicode_Wide
                                                                                                                                                                                                                                                                    • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocObject_$ClearRefsTrackWeak$Buffer_ErrorFatalFuncRelease
                                                                                                                                                                                                                                                                    • String ID: cdata CDataOwningGC_Type with unexpected type flags$cdataowninggc_dealloc
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Format$Unicode_memcpy
                                                                                                                                                                                                                                                                    • String ID: bytes or list or tuple$initializer bytes is too long for '%s' (got %zd characters)$initializer unicode is too long for '%s' (got %zd characters)$list or tuple$too many initializers for '%s' (got %zd)$unicode character out of range for conversion to char16_t: 0x%x$unicode or list or tuple
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Object_$ClearDeallocExceptionFormatFromLongLong_MatchesTrackTuple_
                                                                                                                                                                                                                                                                    • String ID: (*)$invalid result type: '%s'$result type '%s' is opaque
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C0AB
                                                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C11A
                                                                                                                                                                                                                                                                    • PyUnicode_FromWideChar.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1CC
                                                                                                                                                                                                                                                                    • PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1EB
                                                                                                                                                                                                                                                                    • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C200
                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C218
                                                                                                                                                                                                                                                                    • PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C22D
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C23C
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Unicode_$BuildCharDeallocDecodeErr_ErrorFormatFreeFromLastLocalMessageObjectSizeValue_Wide
                                                                                                                                                                                                                                                                    • String ID: (iNN)$No error message is available$ignore
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Dict_$FormatNext$ErrorFatalFuncItemList_ObjectOccurredstrncmp
                                                                                                                                                                                                                                                                    • String ID: '%s' is opaque$list or tuple or dict$list or tuple or dict or struct-cdata$too many initializers for '%s' (got %zd)
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
Similarity
• API ID: memcmp
• String ID: _Complex$__cdecl$__stdcall$expected a positive integer constant$number too large
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
Similarity
• API ID: Err_Format$AddressArg_ErrorLastParseProcSizeTuple___stdio_common_vsprintf
• String ID: O!s:load_function$error 0x%x$function or pointer or array cdata expected, got '%s'$function/symbol '%s' not found in library '%s': %s$library '%s' has already been closed
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
Similarity
• API ID: Err_Long$Occurred$DeallocLong_$ClearFormatNumber_Unsigned
• String ID: Unable to convert %s to pointer-sized value
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
Similarity
• API ID: State_SwapThread$ErrorFatalFunc$AllocLocalValue
• String ID: Out of memory allocating thread state.$PyWinInterpreterState_Ensure$pywintypes: can not setup interpreter state, as current state is invalid
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
Similarity
• API ID: Dealloc$Err_$FormatMallocMem_MemoryMethod_Unicode___stdio_common_vsprintf
• String ID: ;CFFI C function from %s.lib$the type '%s%s' is a function type, not a pointer-to-function type
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
Similarity
• API ID: memcpy$SizeUnicode_isspace$Arg_Bytes_DeallocDecodeDict_FromItemKeywords_Latin1ParseStringTuple
• String ID: O|s:getctype
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: SizeUnicode_$Arg_BuildCharDeallocDecodeErr_FormatFromMessageObjectParseTuple_Value_Widewsprintf
• String ID: COM Error 0x%x$iNzz
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Err_$FormatNumber_OccurredSsize_t
• String ID: cannot dereference null pointer from cdata '%s'$cdata '%s' can only be indexed by 0$cdata of type '%s' cannot be indexed$index too large for cdata '%s' (expected %zd < %zd)$negative index
APIs
• FileTimeToSystemTime.KERNEL32 ref: 00007FFBAB03C73D
• FileTimeToSystemTime.KERNEL32 ref: 00007FFBAB03C76F
• FileTimeToSystemTime.KERNEL32 ref: 00007FFBAB03C7A2
• PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFBAB03C7DB
• PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFBAB03C7E8
• PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFBAB03C7F5
• PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFBAB03C802
• _Py_BuildValue_SizeT.PYTHON312 ref: 00007FFBAB03C840
  • Part of subcall function 00007FFBAB03C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C0AB
  • Part of subcall function 00007FFBAB03C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C11A
  • Part of subcall function 00007FFBAB03C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1EB
  • Part of subcall function 00007FFBAB03C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C200
  • Part of subcall function 00007FFBAB03C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C218
  • Part of subcall function 00007FFBAB03C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C22D
  • Part of subcall function 00007FFBAB03C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C23C
  • Part of subcall function 00007FFBAB03A170: PyObject_GetAttrString.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAB0399ED), ref: 00007FFBAB03A1B4
  • Part of subcall function 00007FFBAB03A170: _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAB0399ED), ref: 00007FFBAB03A213
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: Time$FromLongLong_Unsigned$FileSystem$BuildDeallocSizeValue_$AttrDecodeErr_ErrorFormatFreeLastLocalMessageObjectObject_StringUnicode_
• String ID: FileTimeToSystemTime$lNNNNNNNuu
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Dict_$DeallocSizeUnicode_$Err_FormatInternItemObject_Place
• String ID: duplicate field name '%s'
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: String$Err_$CharUnicode_Wide
                                                                                                                                                                                                                                                                    • String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                                                    • API String ID: 3849944921-1275048830
                                                                                                                                                                                                                                                                    • Opcode ID: 707c45b96feac0c59aa52d167ab1cc9c607e83381189aed7103ba1a0e6978a90
                                                                                                                                                                                                                                                                    • Instruction ID: 7537d3a82757a55d832da44a0c9eb7040e08c9d417dcf6c6ed16d29058a807f1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 707c45b96feac0c59aa52d167ab1cc9c607e83381189aed7103ba1a0e6978a90
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 363165B2B1AB8285EB6ACF66F4841297360FB88B84F549031EE6E53774DF3DD4648700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_ErrorFormatLast$AddressArg_Object_ParseProcSizeTuple_
                                                                                                                                                                                                                                                                    • String ID: O!s:read_variable$error 0x%x$library '%s' has already been closed$variable '%s' not found in library '%s': %s
                                                                                                                                                                                                                                                                    • API String ID: 4169278214-767532634
                                                                                                                                                                                                                                                                    • Opcode ID: c6eec28d373ca8deeaa15abeba2b5ed4aff9e4c3ed9e7030cec0759abb11c7db
                                                                                                                                                                                                                                                                    • Instruction ID: 69a6f480c5cd8d4a9428601e3863d485888de1ac954729579e009be51c46f925
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6eec28d373ca8deeaa15abeba2b5ed4aff9e4c3ed9e7030cec0759abb11c7db
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B315CA5A0AA42D1EF268B35E41027963A4FF84BD4F044132DE5D87B78EF3DE46AC750
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_ErrorFormatLastUnicode_$AddressProc
                                                                                                                                                                                                                                                                    • String ID: error 0x%x$library '%s' has been closed$symbol '%s' not found in library '%s': %s
                                                                                                                                                                                                                                                                    • API String ID: 3000000035-2382056100
                                                                                                                                                                                                                                                                    • Opcode ID: 2c222c0e430ec2803ffef092c59ac1cc2396b1fad4d4da13b7097e2ec0fc7d77
                                                                                                                                                                                                                                                                    • Instruction ID: 4dbed199fa65027bc1e196afa1841484ffb97c8a45729551050b04c8bc34cf8c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c222c0e430ec2803ffef092c59ac1cc2396b1fad4d4da13b7097e2ec0fc7d77
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10216DA4A0AB4395EF269B36F8641696360BF85BC4B448231DE6D47774EF2CE4258700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyObject_GetAttrString.PYTHON312 ref: 00007FFBAB03BCEC
                                                                                                                                                                                                                                                                    • PyErr_Clear.PYTHON312 ref: 00007FFBAB03BCFA
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB65
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB73
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB81
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB90
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB9B
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBA4
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBB3
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBC7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBE6
                                                                                                                                                                                                                                                                    • PyCallable_Check.PYTHON312 ref: 00007FFBAB03BD08
                                                                                                                                                                                                                                                                    • PyObject_CallObject.PYTHON312 ref: 00007FFBAB03BD17
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON312 ref: 00007FFBAB03BD29
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON312 ref: 00007FFBAB03BD5F
                                                                                                                                                                                                                                                                    • PyErr_Clear.PYTHON312 ref: 00007FFBAB03BD69
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312 ref: 00007FFBAB03BD80
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Long$ClearDeallocOccurred$Long_Object_String$AttrCallCallable_CheckFormatNumber_ObjectUnsigned
                                                                                                                                                                                                                                                                    • String ID: Expected a socket object or numeric socket handle$fileno
                                                                                                                                                                                                                                                                    • API String ID: 4289764861-511972153
                                                                                                                                                                                                                                                                    • Opcode ID: 2dd725ec1b4e742cf62ce993a9d7f4ae9effbc43d9565e007f6678adc2bd38c0
                                                                                                                                                                                                                                                                    • Instruction ID: 49f007c1b7802a98b592120c7fc9e074228cf53b89be1392c491482e784a6246
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2dd725ec1b4e742cf62ce993a9d7f4ae9effbc43d9565e007f6678adc2bd38c0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD2112B2A0AA4281EA6A9B36F9441396261AF84BD8F04D031DE6F57774FE3CE4658304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyEval_SaveThread.PYTHON312(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB007FDF
                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB007FEE
                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB007FFF
                                                                                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB00801C
                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB008025
                                                                                                                                                                                                                                                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB00802B
                                                                                                                                                                                                                                                                    • PyEval_RestoreThread.PYTHON312(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB008047
                                                                                                                                                                                                                                                                    • PyUnicode_AsUTF8.PYTHON312(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB00805B
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB008072
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_ThreadValue$Err_ErrorFormatLastRestoreSaveUnicode__errnomalloc
                                                                                                                                                                                                                                                                    • String ID: global variable '%s' is at address NULL
                                                                                                                                                                                                                                                                    • API String ID: 1246478879-1611533540
                                                                                                                                                                                                                                                                    • Opcode ID: eca1fa2554acf8d2e756b99066d3aed1de036b4697237d4aa2dd772d34f49b87
                                                                                                                                                                                                                                                                    • Instruction ID: 95293645321f97bf9a9dfcb565e980956da9c9c27613007dc6d0d594f969de0b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eca1fa2554acf8d2e756b99066d3aed1de036b4697237d4aa2dd772d34f49b87
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05218361E0A74292EF669F31F4641296360FF48B84B488231DE2E07774EF2CE4B58700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Object_$AttrCallImportImport_MethodModuleStringTuple_
                                                                                                                                                                                                                                                                    • String ID: TimeZoneInfo$utc$win32timezone
                                                                                                                                                                                                                                                                    • API String ID: 4031171350-3909237026
                                                                                                                                                                                                                                                                    • Opcode ID: 16713155a17ffb0bafa7ead2b81a85769f0b8c53c87e4ec7d2e06c3fdaf49409
                                                                                                                                                                                                                                                                    • Instruction ID: 5fa456a9e778b0614122e0998d307669325accd7db9e144b1a889b8e54eaa06e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16713155a17ffb0bafa7ead2b81a85769f0b8c53c87e4ec7d2e06c3fdaf49409
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F121D3B2E0BB4681EE6A4B35E9581782390BF88B90F48D435CD2E16770EF2CE4658304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3310204753.00007FFBAAF51000.00000020.00000001.01000000.00000030.sdmp, Offset: 00007FFBAAF50000, based on PE: true
• Associated: 00000002.00000002.3310175806.00007FFBAAF50000.00000002.00000001.01000000.00000030.sdmp
• Associated: 00000002.00000002.3310225778.00007FFBAAF56000.00000002.00000001.01000000.00000030.sdmp
• Associated: 00000002.00000002.3310247517.00007FFBAAF5B000.00000002.00000001.01000000.00000030.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaf50000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                                                                                                                                                    • Opcode ID: 474c6b7a685372b53d5ee10a3ee998af2d98c0b67a4930f1a88a30a85650b8b9
                                                                                                                                                                                                                                                                    • Instruction ID: 867a8f42940e099030039324094c57766a60aa3b68905043ad960583afed9b4c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 474c6b7a685372b53d5ee10a3ee998af2d98c0b67a4930f1a88a30a85650b8b9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B818DE0E0A243C6FE5ABB75D4412796298AF45780F0841B5DD0EC7796DF3EF4478628
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311189331.00007FFBAAFB1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFBAAFB0000, based on PE: true
• Associated: 00000002.00000002.3311167163.00007FFBAAFB0000.00000002.00000001.01000000.0000002A.sdmp
• Associated: 00000002.00000002.3311210588.00007FFBAAFB3000.00000002.00000001.01000000.0000002A.sdmp
• Associated: 00000002.00000002.3311247848.00007FFBAAFB5000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaafb0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                                                                                                                                                    • Opcode ID: b665e2aa0a1aafc407c8626279c8168d645185ea6c4bd927f3a78105dbac7c58
                                                                                                                                                                                                                                                                    • Instruction ID: f9bc3774770f54098472e76b8326dc403bccbb626d3c38c1143daf35332aa57e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b665e2aa0a1aafc407c8626279c8168d645185ea6c4bd927f3a78105dbac7c58
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0817FA1E0A643CDFE5AAB75E44127922BCAF65780F1441B5DD0CC37E6DE3EE4078628
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3310784681.00007FFBAAF91000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFBAAF90000, based on PE: true
• Associated: 00000002.00000002.3310730020.00007FFBAAF90000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3310867382.00007FFBAAF92000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3310947990.00007FFBAAF94000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaf90000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                                                                                                                                                    • Opcode ID: b83bcfdbda2627b91fecea52bb080c46b8b041ebfc422aeaa466320814e2d747
                                                                                                                                                                                                                                                                    • Instruction ID: c026776afff9408f79c88dca49bac7e9038d77a409454492c195b2bc9e002a2e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b83bcfdbda2627b91fecea52bb080c46b8b041ebfc422aeaa466320814e2d747
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04817DA1E0A243C6FE9AAB75D4E127D139CAF85780F4441B5DE0CC3796DF2EE4478628
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3310435332.00007FFBAAF71000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAAF70000, based on PE: true
• Associated: 00000002.00000002.3310414066.00007FFBAAF70000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.3310520924.00007FFBAAF73000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.3310541565.00007FFBAAF75000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaf70000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                                                                                                                                                    • Opcode ID: b665e2aa0a1aafc407c8626279c8168d645185ea6c4bd927f3a78105dbac7c58
                                                                                                                                                                                                                                                                    • Instruction ID: 4a2703d316a13cdadc0b879c4a750fa313e1b85c2f4099ea6f6fd7925d523800
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b665e2aa0a1aafc407c8626279c8168d645185ea6c4bd927f3a78105dbac7c58
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6818EA0E0A243C5FE5A9B75D4412BD129DAF45780F0441B5DD0CD77A6EF6EF80B8728
                                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 00000002.00000002.3311289279.00007FFBAAFC1000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
• Associated: 00000002.00000002.3311268918.00007FFBAAFC0000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311310302.00007FFBAAFC5000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311330045.00007FFBAAFC6000.00000004.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311385032.00007FFBAAFC7000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaafc0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast_errnomalloc$ReleaseState_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3175917953-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312(?,?,00000000,?,?,00007FFBAAFF7261), ref: 00007FFBAAFF93E1
                                                                                                                                                                                                                                                                    • _PyObject_GC_NewVar.PYTHON312(?,?,00000000,?,?,00007FFBAAFF7261), ref: 00007FFBAAFF9568
                                                                                                                                                                                                                                                                    • PyObject_GC_Track.PYTHON312(?,?,00000000,?,?,00007FFBAAFF7261), ref: 00007FFBAAFF95A6
                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,00000000,?,?,00007FFBAAFF7261), ref: 00007FFBAAFF95B6
                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Object_$Err_StringTrackmemcpy
                                                                                                                                                                                                                                                                    • String ID: double$float$long double$primitive type '%s' has size %d; the supported sizes are 1, 2, 4, 8
                                                                                                                                                                                                                                                                    • API String ID: 1250498430-2195461940
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Object_$ErrorFatalFormatFuncInitLong_MallocOccurredSign
                                                                                                                                                                                                                                                                    • String ID: cannot cast %s to ctype '%s'$unicode string of length %zd$write_raw_integer_data$write_raw_integer_data: bad integer size
                                                                                                                                                                                                                                                                    • API String ID: 2723916311-3775214127
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Object_$DeallocDict_Item
                                                                                                                                                                                                                                                                    • String ID: %s: %s
                                                                                                                                                                                                                                                                    • API String ID: 22580554-3740598653
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_Buffer_Err_ParseReleaseSizeStringTuple_
                                                                                                                                                                                                                                                                    • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                                                    • API String ID: 2872489292-686265896
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Dict_$ItemState_$ClearDeallocDictErr_FromInternInterpreterStringThreadUnicode_
• String ID: __cffi_backend_extern_py
• API String ID: 2738494814-865530817
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: ErrorFatalFuncValue$AllocLocalState_Thread
• String ID: Can not setup thread state, as have no interpreter state$Out of memory allocating thread state.$PyWinThreadState_Ensure
• API String ID: 1925565299-3250566352
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Dealloc$FreeMem_Object_Track
• String ID:
• API String ID: 3961529656-0
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Long_SignSubtypeType_
• String ID: integer/float conversion failed$integer/float expected
• API String ID: 3148124222-1774177493
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Dealloc$Err_FormatTuple_$Pack
• String ID: abi number %d not supported
• API String ID: 3887392137-1298965716
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_Err_Keywords_ParseSizeStringSubtypeTupleType_
                                                                                                                                                                                                                                                                    • String ID: Can remove destructor only on a object previously returned by ffi.gc()$O!O|n:gc
                                                                                                                                                                                                                                                                    • API String ID: 2258746257-2175166513
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • initializer for ctype '%s' is correct, but we get an internal mismatch--please report a bug, xrefs: 00007FFBAAFF3CDC
                                                                                                                                                                                                                                                                    • initializer for ctype '%s' appears indeed to be '%s', but the types are different (check that you are not e.g. mixing up different ffi instances), xrefs: 00007FFBAAFF3CB2
                                                                                                                                                                                                                                                                    • initializer for ctype '%s' must be a %s, not %.200s, xrefs: 00007FFBAAFF3C1B
                                                                                                                                                                                                                                                                    • initializer for ctype '%s' must be a %s, not cdata '%s', xrefs: 00007FFBAAFF3C7E
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Format
                                                                                                                                                                                                                                                                    • String ID: initializer for ctype '%s' appears indeed to be '%s', but the types are different (check that you are not e.g. mixing up different ffi instances)$initializer for ctype '%s' is correct, but we get an internal mismatch--please report a bug$initializer for ctype '%s' must be a %s, not %.200s$initializer for ctype '%s' must be a %s, not cdata '%s'
                                                                                                                                                                                                                                                                    • API String ID: 376477240-1352286566
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • primitive floating-point type with an unexpected size (or not a float type at all), xrefs: 00007FFBAB005271
                                                                                                                                                                                                                                                                    • primitive integer type with an unexpected size (or not an integer type at all), xrefs: 00007FFBAB00524B
                                                                                                                                                                                                                                                                    • prim=%d, xrefs: 00007FFBAB0052B4
                                                                                                                                                                                                                                                                    • primitive floating-point type is 'long double', not supported for now with the syntax 'typedef double... xxx;', xrefs: 00007FFBAB005297
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Object_$Track
                                                                                                                                                                                                                                                                    • String ID: prim=%d$primitive floating-point type is 'long double', not supported for now with the syntax 'typedef double... xxx;'$primitive floating-point type with an unexpected size (or not a float type at all)$primitive integer type with an unexpected size (or not an integer type at all)
                                                                                                                                                                                                                                                                    • API String ID: 16854473-3944103904
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_Bool_DeallocErr_FromKeywords_LongMethod_PackParseSizeStringTupleTuple_
                                                                                                                                                                                                                                                                    • String ID: cannot pass 'free' without 'alloc'$|OOi:new_allocator
                                                                                                                                                                                                                                                                    • API String ID: 3165387783-375137214
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Buffer_Err_Release$BufferFormatFreeMem_Object_String
                                                                                                                                                                                                                                                                    • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                                                    • API String ID: 1675121998-686265896
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Unicode_$DeallocFormatFromObject_Repr
                                                                                                                                                                                                                                                                    • String ID: <cdata '%s' %s %s>$<cdata '%s' owning %zd bytes>$calling$handle to
                                                                                                                                                                                                                                                                    • API String ID: 3526755465-2632218437
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ClearDict_Err_ErrorFormatFreeLastLibraryParseSizeTuple_Unicode___stdio_common_vsprintf
                                                                                                                                                                                                                                                                    • String ID: closing library '%s': %s$error 0x%x
                                                                                                                                                                                                                                                                    • API String ID: 3709125606-4000567706
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocObject_$AttrBuildCallSizeStringTuple_Value
                                                                                                                                                                                                                                                                    • String ID: (s)$strftime
                                                                                                                                                                                                                                                                    • API String ID: 4125559156-1254993691
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                                    • String ID: (ii)$:GetSecurityDescriptorControl$GetSecurityDescriptorControl$GetSecurityDescriptorControl - invalid sd
                                                                                                                                                                                                                                                                    • API String ID: 1292091245-2499011972
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Occurred$DeallocFormatObject_Unicode_
                                                                                                                                                                                                                                                                    • String ID: 32-bit int$integer %s does not fit '%s'
                                                                                                                                                                                                                                                                    • API String ID: 4129581467-810487915
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Occurred$DeallocFormatLong_Object_SignStringUnicode_
                                                                                                                                                                                                                                                                    • String ID: 16-bit unsigned int$integer %s does not fit '%s'
                                                                                                                                                                                                                                                                    • API String ID: 198760793-331574723
                                                                                                                                                                                                                                                                    • Opcode ID: 0d2cce02834189b01bb247411563f67ef45ef6bf3b064cc44647de33cd6d57b6
                                                                                                                                                                                                                                                                    • Instruction ID: 149cd7a85a06d79f22ea16a254b89bf265848aa59c244a8cf04d84e0d98dc4f1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d2cce02834189b01bb247411563f67ef45ef6bf3b064cc44647de33cd6d57b6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF1130A0E0B74292FE6A6B39F4543782390AF55B98F048234DD2D467B9DF3DE469C310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Occurred$DeallocFormatLong_Object_SignStringUnicode_
                                                                                                                                                                                                                                                                    • String ID: 8-bit unsigned int$integer %s does not fit '%s'
                                                                                                                                                                                                                                                                    • API String ID: 198760793-3731599500
                                                                                                                                                                                                                                                                    • Opcode ID: b27ca8c4a09986cd7f5536817222dcdc3d6fe009256f7d17fc33fbaa68b70664
                                                                                                                                                                                                                                                                    • Instruction ID: 5a41f8b2a288ced25fe7762be6154eb8bb2348ce146314336eae0a1f236d1da3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b27ca8c4a09986cd7f5536817222dcdc3d6fe009256f7d17fc33fbaa68b70664
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F51152A0F0B642D2EE6A6B39F4543782290AF49B98F048134DE2D467A5DF3DE4A9C310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Occurred$DeallocFormatObject_Unicode_
                                                                                                                                                                                                                                                                    • String ID: 16-bit int$integer %s does not fit '%s'
                                                                                                                                                                                                                                                                    • API String ID: 4129581467-4142791282
                                                                                                                                                                                                                                                                    • Opcode ID: 453346ae2aeb356b59160b9f8e8ac9233e509898e3a8ad222d7d387add890ad3
                                                                                                                                                                                                                                                                    • Instruction ID: fb34f96995f57cda475665410b818634c7be21fe1fc73bb25393a21e71d531c7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 453346ae2aeb356b59160b9f8e8ac9233e509898e3a8ad222d7d387add890ad3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B115EB0E1A60291EE2A5F39E85437C3390EF48B94F048171DD2D463A8EF2CE4A98310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                                                                                                                                                    • Opcode ID: 70f854044df5acb2ce3175ee53db70c69d323c809d2866dc920b2ba8ef5ec66e
                                                                                                                                                                                                                                                                    • Instruction ID: 29aee8daaa03308e08a4cc0656cd916a204f71e54c7db30ecb23b111b363c0ae
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70f854044df5acb2ce3175ee53db70c69d323c809d2866dc920b2ba8ef5ec66e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1281E5E2E1EA4386FA779B35D4592B92291BF41780F04C235DD6D437B2EE3CE8618718
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Object_$Buffer_Release$BufferClearErr_Instance
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3750329280-0
                                                                                                                                                                                                                                                                    • Opcode ID: 11907da8ea2c5dd7f0332fff193ec49644934e014caaaf6c40cf4e5a5d25d2ed
                                                                                                                                                                                                                                                                    • Instruction ID: f0a2417e4368b6d28bf42bc24de4ed7ec6eba4667ca298ff50c99a0ea7bb6d8a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11907da8ea2c5dd7f0332fff193ec49644934e014caaaf6c40cf4e5a5d25d2ed
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F34183A1B0EA43D2EF268B35E8502BD63A5FF44B80F448171DE5D83264DF2DE45AC720
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Dict_Item$Bytes_FromObject_SizeStringTrackmemcpy
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1819324212-0
                                                                                                                                                                                                                                                                    • Opcode ID: fd34888714f828fc0263e72ef90183ec76b084e78a3332edeee347c69863261e
                                                                                                                                                                                                                                                                    • Instruction ID: d3f961b64cf3f742042b6b6cc4e209f1349c8df2483efde521bd35b8b772981f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd34888714f828fc0263e72ef90183ec76b084e78a3332edeee347c69863261e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 373143B1E0A652C1EB1A8F31E9D423D33A8AB45F95F048075CE0E867A4DF3EE465C710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _errno$Value$DeallocErr_LongLong_Occurredmalloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1551808740-0
                                                                                                                                                                                                                                                                    • Opcode ID: 3bc000821cabc09a6f5adb2b8e36e5aba05261bca3d05dafaa23a5bdb87a2d96
                                                                                                                                                                                                                                                                    • Instruction ID: ab8287e78e87b9866643d57c71fbc1f6d54f5aa36d14c2daf7407866280906eb
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3bc000821cabc09a6f5adb2b8e36e5aba05261bca3d05dafaa23a5bdb87a2d96
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3210CB1D0B602A6EE674B34E86423837A0AF48B55F448234CD2D463B1DF3CA4B5C760
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: memcpy$Err_String
                                                                                                                                                                                                                                                                    • String ID: ($expected a tuple of ctypes
                                                                                                                                                                                                                                                                    • API String ID: 629984673-2381509598
                                                                                                                                                                                                                                                                    • Opcode ID: 77bbe871d00088442f1213eb9db74d06b140fca4d15aa733c05ba5e4359855ac
                                                                                                                                                                                                                                                                    • Instruction ID: ec556ca8bdd8ebf2ac6e4bb49e44a49b03d3120502ba5a08f047d9753f6dfc92
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77bbe871d00088442f1213eb9db74d06b140fca4d15aa733c05ba5e4359855ac
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C881C8B2A0B786C6EB2A9F35E54037D6798EB15B90F198172CF9D46390EF3DD05A8310
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: cannot use <cdata '%s'> in a comparison
                                                                                                                                                                                                                                                                    • API String ID: 0-3474358591
                                                                                                                                                                                                                                                                    • Opcode ID: 55d4f2ccb34d01680fc1b730617c8c56ad0fb9d4db9a6e6b1798b1167d31452f
                                                                                                                                                                                                                                                                    • Instruction ID: 759d2be063c86a12d311ed19db48916187c6e76655e8cf72a778dfba363bb152
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55d4f2ccb34d01680fc1b730617c8c56ad0fb9d4db9a6e6b1798b1167d31452f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B461B6B6A0AA42C2EA2A8F35E95417D73A4FB44B58F044076CD5D837A8CF3DE49BC710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Format$Number_Object_OccurredSsize_t
                                                                                                                                                                                                                                                                    • String ID: cannot add a cdata '%s' and a number$ctype '%s' points to items of unknown size
                                                                                                                                                                                                                                                                    • API String ID: 3506362094-755949881
                                                                                                                                                                                                                                                                    • Opcode ID: 79e19f427926be28b62e77a9cbed93807c24e78e06b28ba84642ae16086d378d
                                                                                                                                                                                                                                                                    • Instruction ID: ff3254cac106735b4a92044d5a5fa09f57bb4f17e5902f582acca11282f90f65
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79e19f427926be28b62e77a9cbed93807c24e78e06b28ba84642ae16086d378d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 824183B1A0AA82C1EE6ACF35E85013963A4FF48B94B44417ADE5D877B4DF3DE466C310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$Dealloc$AppendErr_ErrorFatalFuncPackStringTuple_strncmp
                                                                                                                                                                                                                                                                    • String ID: fields
                                                                                                                                                                                                                                                                    • API String ID: 1806387768-2128995208
                                                                                                                                                                                                                                                                    • Opcode ID: cd1dc9f9f486b55c67b4e9a4ba2a746eb6620fd039c80d274eb925e77b19076b
                                                                                                                                                                                                                                                                    • Instruction ID: 75e9f369dece61682ddb49573d7748b190471f19d844166a55e77c859f6fe654
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd1dc9f9f486b55c67b4e9a4ba2a746eb6620fd039c80d274eb925e77b19076b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A93187B1A0A602C2EE2A8F35E45423D63A4FF44BE4F044175DE8D877A4DF3EE4568720
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: number too large$short$sign$stru
                                                                                                                                                                                                                                                                    • API String ID: 0-689979194
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocErr_Long_SignString
                                                                                                                                                                                                                                                                    • String ID: an integer is required$can't convert negative number to unsigned$integer conversion failed
                                                                                                                                                                                                                                                                    • API String ID: 2527065810-2728004092
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB0053C0: PyErr_Format.PYTHON312(?,?,840FC08548F08B48,00007FFBAB0060F7), ref: 00007FFBAB00540A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB0053C0: _Py_Dealloc.PYTHON312(?,?,840FC08548F08B48,00007FFBAB0060F7), ref: 00007FFBAB005427
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312 ref: 00007FFBAB00883C
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Format$Dealloc
                                                                                                                                                                                                                                                                    • String ID: constant '%s' is of type '%s', whose size is not known
                                                                                                                                                                                                                                                                    • API String ID: 1818262499-580431848
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: memcmp
                                                                                                                                                                                                                                                                    • String ID: number too large$union$unsigned
                                                                                                                                                                                                                                                                    • API String ID: 1475443563-127238505
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: memcmp
                                                                                                                                                                                                                                                                    • String ID: number too large$void$volatile
                                                                                                                                                                                                                                                                    • API String ID: 1475443563-2072166545
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FFBAB0363C1
                                                                                                                                                                                                                                                                    • LARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FFBAB0363FE
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Long$Arg_Long_OccurredParseStringTupleWarn
                                                                                                                                                                                                                                                                    • String ID: LARGE_INTEGER must be 'int', or '(int, int)'$Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead
                                                                                                                                                                                                                                                                    • API String ID: 3944559157-3919795897
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312 ref: 00007FFBAB035958
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB65
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB73
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB81
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB90
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB9B
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBA4
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBB3
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBC7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBE6
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312 ref: 00007FFBAB035999
                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32 ref: 00007FFBAB0359AC
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Long$Occurred$Long_String$ClearCloseDeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                                                    • String ID: HANDLE must be a PyHKEY$PyHKEY$RegCloseKey$The object is not a PyHANDLE object
                                                                                                                                                                                                                                                                    • API String ID: 3516211060-2695813183
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocErr_StringUnicode_strcmp
                                                                                                                                                                                                                                                                    • String ID: SECURITY_DESCRIPTOR$The object is not a PySECURITY_DESCRIPTOR object$can't delete SECURITY_ATTRIBUTES attributes
                                                                                                                                                                                                                                                                    • API String ID: 2499284733-1426751177
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • lllO, xrefs: 00007FFBAB032354
                                                                                                                                                                                                                                                                    • EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}, xrefs: 00007FFBAB03238E
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
                                                                                                                                                                                                                                                                    • String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$lllO
                                                                                                                                                                                                                                                                    • API String ID: 959004690-1584370844
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Buffer_Err_Release$BufferFormatObject_String
                                                                                                                                                                                                                                                                    • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                                                    • API String ID: 1670810688-686265896
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FFBAB0364EE
                                                                                                                                                                                                                                                                    • ULARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FFBAB0364CA
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Long$Arg_Long_OccurredParseStringTupleUnsignedWarn
                                                                                                                                                                                                                                                                    • String ID: Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead$ULARGE_INTEGER must be 'int', or '(int, int)'
                                                                                                                                                                                                                                                                    • API String ID: 507489655-1767028231
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Long$FromLong_$Err_FormatUnsigned__stdio_common_vsprintf
                                                                                                                                                                                                                                                                    • String ID: %lld$%llu (0x%llx)$the C compiler says '%.200s' is equal to %s, but the cdef disagrees
                                                                                                                                                                                                                                                                    • API String ID: 2237024420-3737824454
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: String$CharClearCloseCreateDeallocErr_FlagsHandleRun_ThreadUnicode_Wide
                                                                                                                                                                                                                                                                    • String ID: done()
                                                                                                                                                                                                                                                                    • API String ID: 168230354-3016733518
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_String$Bytes_FormatSize
                                                                                                                                                                                                                                                                    • String ID: Attributes of PyDEVMODEW can't be deleted$Length of DriverData cannot be longer that DriverExtra (%d bytes)
                                                                                                                                                                                                                                                                    • API String ID: 1818008259-1897733207
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ComplexComplex_From$Err_Format
                                                                                                                                                                                                                                                                    • String ID: complex() not supported on cdata '%s'$read_raw_complex_data$read_raw_complex_data: bad complex size
                                                                                                                                                                                                                                                                    • API String ID: 3215717669-1323234755
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Authority$Arg_CountErr_FromLongLong_ParseSizeStringTuple_
                                                                                                                                                                                                                                                                    • String ID: The index is out of range$i:GetSubAuthority
                                                                                                                                                                                                                                                                    • API String ID: 3635565364-2602025648
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Dealloc$List_String$AppendAttrClearErr_FromObject_Unicode_
• String ID:
• API String ID: 2809749462-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: DescriptorSecurityfree$DaclGroupOwnerSacl
• String ID:
• API String ID: 1788430091-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: _errno$Value$Err_LongLong_Occurredmalloc
• String ID:
• API String ID: 262410431-0
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID:
• String ID: read_raw_complex_data$read_raw_complex_data: bad complex size$read_raw_unsigned_data$read_raw_unsigned_data: bad integer size
• API String ID: 0-1204700216
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: memcpy$Size$Arg_FromParseStringTuple_Unicode_
• String ID: O!s:getcname
• API String ID: 714380276-3937919902
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Size$Arg_DeallocParse$AllocBuildDict_Err_InfoItemKeywords_Method_StringSystemTupleTuple_Unicode_Value_Virtual
                                                                                                                                                                                                                                                                    • String ID: (OOOO)$O|OOO
                                                                                                                                                                                                                                                                    • API String ID: 164275408-1768548383
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CallDeallocErr_FormatMethodObject_SubtypeType_
                                                                                                                                                                                                                                                                    • String ID: astimezone$must be a pywintypes time object (got %s)
                                                                                                                                                                                                                                                                    • API String ID: 244768906-1654730096
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyDict_GetItem.PYTHON312 ref: 00007FFBAB008EB1
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312 ref: 00007FFBAB008EEF
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB0085A0: PyUnicode_AsUTF8.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB0085CA
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB0085A0: PyErr_SetString.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB00864A
                                                                                                                                                                                                                                                                    • PyUnicode_AsUTF8.PYTHON312 ref: 00007FFBAB008F35
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312 ref: 00007FFBAB008F58
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB007FC0: PyEval_SaveThread.PYTHON312(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB007FDF
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB007FC0: TlsGetValue.KERNEL32(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB007FEE
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB007FC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB007FFF
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB007FC0: TlsSetValue.KERNEL32(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB00801C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB007FC0: SetLastError.KERNEL32(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB008025
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB007FC0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB00802B
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB007FC0: PyEval_RestoreThread.PYTHON312(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB008047
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB007FC0: PyUnicode_AsUTF8.PYTHON312(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB00805B
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB007FC0: PyErr_Format.PYTHON312(?,?,00000000,00007FFBAB009203), ref: 00007FFBAB008072
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Unicode_$Eval_FormatStringThreadValue$Dict_ErrorItemLastRestoreSave_errnomalloc
                                                                                                                                                                                                                                                                    • String ID: C attribute cannot be deleted$cannot write to function or constant '%.200s'
                                                                                                                                                                                                                                                                    • API String ID: 3181857070-1071161328
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                                    • String ID: :GetSecurityDescriptorDacl$GetSecurityDescriptorDacl$SetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                                                    • API String ID: 1292091245-161903415
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                                    • String ID: :GetSecurityDescriptorSacl$GetSecurityDescriptorSacl$GetSecurityDescriptorSacl - invalid sd
                                                                                                                                                                                                                                                                    • API String ID: 1292091245-3167575759
                                                                                                                                                                                                                                                                    • Opcode ID: eda0f0d636285a1688c3aed3a31db8cfa39383af60a5d4deb98f50818e958fbb
                                                                                                                                                                                                                                                                    • Instruction ID: 91c9f19eef159d9000e01c1306c450cee0e2d4d00147f637b4e395ef4185949c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eda0f0d636285a1688c3aed3a31db8cfa39383af60a5d4deb98f50818e958fbb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 561154EAE1A64282FB669B35F8442B56360BF84784F48C431DD2D862B5EF7CE1B5C704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorLastValidmalloc
                                                                                                                                                                                                                                                                    • String ID: PySID:$PySID: Invalid SID
                                                                                                                                                                                                                                                                    • API String ID: 814871005-2976353951
                                                                                                                                                                                                                                                                    • Opcode ID: 79f643a53b61f72d234d5fd2a4f80076a33712498731b2b7e024394af7ebc535
                                                                                                                                                                                                                                                                    • Instruction ID: 2803f18e5b9840dd724e78e1d533ccddb3850ccaf0917f827749e92d9869e807
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79f643a53b61f72d234d5fd2a4f80076a33712498731b2b7e024394af7ebc535
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E2165B6A1AA8582EA698B21E5441796361FB44BA0F449531DE6E137B4DF3CD0B4C704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                                    • String ID: :GetSecurityDescriptorGroup$GetSecurityDescriptorGroup$GetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                                                    • API String ID: 1292091245-1740808346
                                                                                                                                                                                                                                                                    • Opcode ID: 1cfadc0fcdcf666d0f5f1b4dba48cf5ccd64742d80ab32fcdbb67db2515e5fcb
                                                                                                                                                                                                                                                                    • Instruction ID: a3617147cd58278489f2d3bc56a1f2d9796740d4f78704b897d76ba36a5ebc9f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1cfadc0fcdcf666d0f5f1b4dba48cf5ccd64742d80ab32fcdbb67db2515e5fcb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 191142E6F0A64282FB7A9B76E8452B52360FF94784F449031CD2D86275FE3CE5B58704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyArg_ParseTuple.PYTHON312 ref: 00007FFBAB03420E
                                                                                                                                                                                                                                                                    • GetAuditedPermissionsFromAclW.ADVAPI32 ref: 00007FFBAB03423E
                                                                                                                                                                                                                                                                    • Py_BuildValue.PYTHON312 ref: 00007FFBAB034268
                                                                                                                                                                                                                                                                    • PyMem_Free.PYTHON312 ref: 00007FFBAB034282
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C0AB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C11A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1EB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C200
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C218
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C22D
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C23C
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: BuildFree$Arg_AuditedDeallocDecodeErr_ErrorFormatFromLastLocalMem_MessageObjectParsePermissionsSizeTupleUnicode_ValueValue_
                                                                                                                                                                                                                                                                    • String ID: GetAuditedPermissionsFromAcl$O:GetAuditedPermissionsFromAcl
                                                                                                                                                                                                                                                                    • API String ID: 1813498087-1982696749
                                                                                                                                                                                                                                                                    • Opcode ID: 8a6ff8e7fc4ee454dbaf1a1bb3be092f6b23010d3761266b61acb2699630f883
                                                                                                                                                                                                                                                                    • Instruction ID: 0c641fc3b592c0e593fc11473ba9313647fd19a477746a4f752ee82cc9dac8cb
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a6ff8e7fc4ee454dbaf1a1bb3be092f6b23010d3761266b61acb2699630f883
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 101162B270974686EB218F61F44406EA3A0FF84780F848131DE6D57678EF7CE465CB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$BufferBuffer_FormatObject_ReleaseString
                                                                                                                                                                                                                                                                    • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                                                    • API String ID: 3539591379-686265896
                                                                                                                                                                                                                                                                    • Opcode ID: 569f538c9c836f433e0bd960f5d5e206e531757e9a54dd6106fd3398a81b04aa
                                                                                                                                                                                                                                                                    • Instruction ID: 3557109f8eab322f6d0b3cfd564bfe2b3d6ec0a983bfe088c9f9316e3d9a31d1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 569f538c9c836f433e0bd960f5d5e206e531757e9a54dd6106fd3398a81b04aa
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB1124B1A06B0281EE698F66E48413863A1FB88B94F04D030CD2E877B4DF3CE4B5C340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_InitObject_Stringmallocmemcpy
                                                                                                                                                                                                                                                                    • String ID: return type is a struct/union with a varsize array member$return type is an opaque structure or union
                                                                                                                                                                                                                                                                    • API String ID: 673089332-262380981
                                                                                                                                                                                                                                                                    • Opcode ID: 70019e921b1d3c9c602fd4fa1ab4d9449dcd1d2a94ef9de0bc3afca5c48af5e0
                                                                                                                                                                                                                                                                    • Instruction ID: 9643c60027af0f586696ca2ff64f9d495b0e8fffdf13f685a8a1d412428a5372
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70019e921b1d3c9c602fd4fa1ab4d9449dcd1d2a94ef9de0bc3afca5c48af5e0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF118CB260AB42D2DB2ACB26F4502A973A0FB48B90F485132DE5D47B64DF3DE5B5C700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyArg_ParseTuple.PYTHON312 ref: 00007FFBAB03414A
                                                                                                                                                                                                                                                                    • GetEffectiveRightsFromAclW.ADVAPI32 ref: 00007FFBAB034175
                                                                                                                                                                                                                                                                    • Py_BuildValue.PYTHON312 ref: 00007FFBAB03419A
                                                                                                                                                                                                                                                                    • PyMem_Free.PYTHON312 ref: 00007FFBAB0341B4
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C0AB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C11A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1EB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C200
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C218
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C22D
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C23C
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: BuildFree$Arg_DeallocDecodeEffectiveErr_ErrorFormatFromLastLocalMem_MessageObjectParseRightsSizeTupleUnicode_ValueValue_
                                                                                                                                                                                                                                                                    • String ID: GetEffectiveRightsFromAcl$O:GetEffectiveRightsFromAcl
                                                                                                                                                                                                                                                                    • API String ID: 2032167972-568366055
                                                                                                                                                                                                                                                                    • Opcode ID: 303dce0aea7412f47779b6d1c60295076083a61708bba6cdfba5205ac26e9a70
                                                                                                                                                                                                                                                                    • Instruction ID: b5c0a9fc47f6db41c2c51b4443630e34f5cd22127f29afa7b24c858cc4e412ef
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 303dce0aea7412f47779b6d1c60295076083a61708bba6cdfba5205ac26e9a70
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 901160B2B09A4686EA219F21F84406AA3A0FF84780F448131DE6D47678EF7CE465CB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseTuple$ClearErr_
                                                                                                                                                                                                                                                                    • String ID: AddAccesAllowedAce$lO:AddAccessAllowedAce$llO:AddAccessAllowedAce
                                                                                                                                                                                                                                                                    • API String ID: 2492218514-648165593
                                                                                                                                                                                                                                                                    • Opcode ID: 0fca3df125c9ca4b74ba172dc1ad24d14b13c3c223872720ecc417f5911fbe20
                                                                                                                                                                                                                                                                    • Instruction ID: 62ab88963257f652cafd53987132fb7c5939d2ec2f4395717cad599c09eb4375
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0fca3df125c9ca4b74ba172dc1ad24d14b13c3c223872720ecc417f5911fbe20
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 441142B2A09B4596DB21CF25F4444AA7760FB847C4F448032EEAD43B68EF7CE154CB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseTuple$ClearErr_
                                                                                                                                                                                                                                                                    • String ID: AddAccesDeniedAce$lO:AddAccessDeniedAce$llO:AddAccessDeniedAce
                                                                                                                                                                                                                                                                    • API String ID: 2492218514-45297876
                                                                                                                                                                                                                                                                    • Opcode ID: e0890082332542a30de38f29f9ead05091ac483cfbb9dea9cfcf4de0babcaec8
                                                                                                                                                                                                                                                                    • Instruction ID: 1f0ea51b5bb777487c1524a263270b43da1c22135eeceb5ddc4227fce04933b1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0890082332542a30de38f29f9ead05091ac483cfbb9dea9cfcf4de0babcaec8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B21142B6609B8686DB61CF25F4444AA7760FB847C4F448036EEAD53B28EF7CE154CB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyArg_ParseTuple.PYTHON312 ref: 00007FFBAB033BEB
                                                                                                                                                                                                                                                                    • GetAce.ADVAPI32 ref: 00007FFBAB033C06
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C0AB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C11A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1EB
• Part of subcall function 00007FFBAB03C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C200
• Part of subcall function 00007FFBAB03C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C218
• Part of subcall function 00007FFBAB03C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C22D
• Part of subcall function 00007FFBAB03C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C23C
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: Arg_BuildDeallocDecodeErr_ErrorFormatFreeLastLocalMessageObjectParseSizeTupleUnicode_Value_
• String ID: Ace type %d is not supported yet$GetAce$l:GetAce
• API String ID: 2913267005-2172617993
• Opcode ID: aef762dc7b89ada9127937277a53d1b5627c9c6045696fdecc209502e163c83b
• Instruction ID: 98dbb859b03645cfaf1f0c0152357554a7bbd85348f3042231230aa6cf8b33bb
• Opcode Fuzzy Hash: aef762dc7b89ada9127937277a53d1b5627c9c6045696fdecc209502e163c83b
• Instruction Fuzzy Hash: 670161B2B1A64282EB268B35E8541B53361FF94B84F44C032CE2D47275EF3CE565C600
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: Arg_ControlDescriptorErr_ParseSecurityStringTuple
• String ID: SetSecurityDescriptorControl$SetSecurityDescriptorControl does not exist on this platform$ll:SetSecurityDescriptorControl
• API String ID: 1690190277-853495732
• Opcode ID: c5fb905781387fc59d0c6ec67cab9ed427ef9051838924ecfa23633f0d9bec63
• Instruction ID: 5309eab2b22e1e8eded9308221293750b44e9997e06f8e35b70a25b67cc69683
• Opcode Fuzzy Hash: c5fb905781387fc59d0c6ec67cab9ed427ef9051838924ecfa23633f0d9bec63
• Instruction Fuzzy Hash: 370121E2A1A60682EB668F35E8442752370FF84B44F44D032DD6D86270EE3CE4A5C700
APIs
Strings
• PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d, xrefs: 00007FFBAB034926
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: memcpy$Err_FormatReferencemalloc
• String ID: PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d
• API String ID: 3577276951-318570358
• Opcode ID: e31a7c680d46d894b1b5cc69c1db71648538bd7e605b349bb94b818df4ba36f7
• Instruction ID: d7f6f459c5bc126567d2b294330f83812ef589cbc7369343eb4410b503b71964
• Opcode Fuzzy Hash: e31a7c680d46d894b1b5cc69c1db71648538bd7e605b349bb94b818df4ba36f7
• Instruction Fuzzy Hash: A70152B2A0AA4692DB69CF26E9540783360FB48F85B448035DE6E07775EF3CE0B4C704
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Err_$String$Arg_Number_OccurredParseSizeSsize_tTuple_
• String ID: O!O:new_array_type$negative array length
• API String ID: 3893677698-1806197627
• Opcode ID: c4ed2c729b4b2c7640f824f22b935a5f6fda3a3ea1c1c875c2918ceeff82829c
• Instruction ID: bec6e790054eb5f7b18a6ec1602a61882f47462b5683718d88277ea80c6382f8
• Opcode Fuzzy Hash: c4ed2c729b4b2c7640f824f22b935a5f6fda3a3ea1c1c875c2918ceeff82829c
• Instruction Fuzzy Hash: E00125E5B0A642D1EE169F75E4500696351BF84BA4F408372DD2E477B4DE6DE069C310
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: Err_$BuildClearDeallocStringValue
• String ID: (i)$invalid timestamp
• API String ID: 3614533335-2037815563
• Opcode ID: a4125f9ac3bd078db836ea3183772ef5e2680fe1127ed21b291754ada7f20038
• Instruction ID: d98536f6722a93d75ee99f27f3be83c4aca84f808c513b32b000081d6cd886cc
• Opcode Fuzzy Hash: a4125f9ac3bd078db836ea3183772ef5e2680fe1127ed21b291754ada7f20038
• Instruction Fuzzy Hash: C8014FB1A1AB4785EE6A8B35E85853823A0FF98B80F449031CD2E02774EE3CE4A48700
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Err_$DeallocFormatObject_OccurredUnicode_
• String ID: integer %s does not fit '%s'
• API String ID: 1393314426-3740469958
• Opcode ID: 1417f39f60d5cc8e5c81f3e2f878eae02d76626ac1c73d114884677cd74cc626
                                                                                                                                                                                                                                                                    • Instruction ID: a3897f236e004bf66efac4c69d01affc0a98ffc3b58b1c880fd57ef458019b19
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1417f39f60d5cc8e5c81f3e2f878eae02d76626ac1c73d114884677cd74cc626
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CF012A5F0A706A2EE1A4B35E9241782294BF59F95F448230DD2D467A4FE3CD4688310
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AuthorityBuildErr_IdentifierSizeStringValidValue_
                                                                                                                                                                                                                                                                    • String ID: (BBBBBB)$GetSidIdentifierAuthority: Invalid SID in object
                                                                                                                                                                                                                                                                    • API String ID: 2215780243-3761804006
                                                                                                                                                                                                                                                                    • Opcode ID: b0d73a36f6f348ebcd5edebfb7f5035f7f32f6c59f003da0e19b92cbc8ac1e39
                                                                                                                                                                                                                                                                    • Instruction ID: 939a39903009c20995f3907e2c76157fe3dc44c02bf23ceace4cad0a0f4e2d31
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0d73a36f6f348ebcd5edebfb7f5035f7f32f6c59f003da0e19b92cbc8ac1e39
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A017CB2A1968186E7668B31E8100387BA0FB84B85F08C031DEAF42371DF2CC574C700
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Size$Arg_BuildErr_ParseStringTextTuple_UnicodeValue_
                                                                                                                                                                                                                                                                    • String ID: s#i$string size beyond INT_MAX
                                                                                                                                                                                                                                                                    • API String ID: 2518093472-3494499060
                                                                                                                                                                                                                                                                    • Opcode ID: dfd7dd9a82394ab18fc3658568d1f08c6994fe3d6dce12868a3255f76a01ff8a
                                                                                                                                                                                                                                                                    • Instruction ID: 3fd5eb8468ac3d0eef4a1cf23f4f705e3ae4c03aebf864018219571398a571ca
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dfd7dd9a82394ab18fc3658568d1f08c6994fe3d6dce12868a3255f76a01ff8a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F012CB1F09B4682EE268B35E4040A923A1FB85794F808132DD6E93774EE3CE169CB40
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CallsMakePending$ClearErr___acrt_iob_func__stdio_common_vfprintffprintf
                                                                                                                                                                                                                                                                    • String ID: Unhandled exception detected before entering Python.
                                                                                                                                                                                                                                                                    • API String ID: 322838838-920423093
                                                                                                                                                                                                                                                                    • Opcode ID: 736b9a258ff082faf70cc69d8895d9c1cebe8cae3e73d35b183ec6780337e48b
                                                                                                                                                                                                                                                                    • Instruction ID: 87f1f10e97d4b2dfd144a59db31e1a012ec0ac146cb8ef4d6b95dc35fb30af03
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 736b9a258ff082faf70cc69d8895d9c1cebe8cae3e73d35b183ec6780337e48b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76E0ECE5E1B5028AF67A6B31EC0927522546F90B85F40C034CCAF51271EE2CA4798614
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: internal error, please report!$st64$uint_fas$uint_lea$unsigned
                                                                                                                                                                                                                                                                    • API String ID: 1114863663-4294758678
                                                                                                                                                                                                                                                                    • Opcode ID: 57fe155cb000713b771c5643fc970107af7cb45d19fc53d20ad48ae4357838f0
                                                                                                                                                                                                                                                                    • Instruction ID: ebb443bebbfdcbbc43c0438d37ce38ac8220b03919c3e77ba121862a8ed4306a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57fe155cb000713b771c5643fc970107af7cb45d19fc53d20ad48ae4357838f0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3641B4B1A1AA46A9EF728F35C06427963A5FB04B94F44C235CE7D472E4DF38E561C304
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$AppendDealloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1573934073-0
                                                                                                                                                                                                                                                                    • Opcode ID: f8b13b4d65d2c7b560fe5343b90ac936291079483877ea91accc04f82460e21b
                                                                                                                                                                                                                                                                    • Instruction ID: a6ffabf3a6cdecf9efec7db9f9bca7000178bb8a359e5961ab79cf87228780fa
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8b13b4d65d2c7b560fe5343b90ac936291079483877ea91accc04f82460e21b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D63184B2A0BA4585FE7A5F25E5841386360AF44BA4F548234CEBE177F4EF2DE4618304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$AppendBytes_DeallocFromSizeString
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3583985797-0
                                                                                                                                                                                                                                                                    • Opcode ID: b6289df08c14415418b15139dd86ea7f23e8c96486d306a0b356c10dd46804b6
                                                                                                                                                                                                                                                                    • Instruction ID: 8e8318396168185f58c6e95c8dff67dacb843cd1d1973b311dc85fe4fab75ed6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6289df08c14415418b15139dd86ea7f23e8c96486d306a0b356c10dd46804b6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD217872A0B64145FE665F35E85823863A0AF45BA4F489334DE7E467F4EF2DE4618304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$AllocDict_FreeFromGenericLibraryStringType_Unicode_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3239884862-0
                                                                                                                                                                                                                                                                    • Opcode ID: 9a7cba986aa1adb8815dc3a9370c4e7240fe704c893b24f5455ae57e26970716
                                                                                                                                                                                                                                                                    • Instruction ID: dd577e2626f0396c091b50de7eda21c030c8548fb4fb814a7f34f8ffffcac4eb
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a7cba986aa1adb8815dc3a9370c4e7240fe704c893b24f5455ae57e26970716
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 692101B2A0AB5295EE668F29E86423933A4FB48B94F148135DE5D42774DF3DE872C700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _Py_NewReference.PYTHON312(?,?,?,00007FFBAB036D86), ref: 00007FFBAB036E6D
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03E3C8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBAB03E3E2
                                                                                                                                                                                                                                                                    • _Py_NewReference.PYTHON312(?,?,?,00007FFBAB036D86), ref: 00007FFBAB036E9A
                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBAB036D86), ref: 00007FFBAB036EA5
                                                                                                                                                                                                                                                                    • InitializeSecurityDescriptor.ADVAPI32(?,?,?,00007FFBAB036D86), ref: 00007FFBAB036EBE
                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBAB036D86), ref: 00007FFBAB036ED6
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB036D86), ref: 00007FFBAB036EF6
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB037B40: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBAB031911), ref: 00007FFBAB037B5B
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB037B40: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FFBAB031911), ref: 00007FFBAB037B64
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DescriptorReferenceSecurityfreemalloc$DeallocInitializeLength
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2040291429-0
                                                                                                                                                                                                                                                                    • Opcode ID: 144ac3daedd37543ad79c42905b113054fa9168fe074a7adbcc65c11bb02cba7
                                                                                                                                                                                                                                                                    • Instruction ID: 5d9013b8924fa8ea1519571596cf420ed3f7b7e74a889af4fd410688bc7c0619
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 144ac3daedd37543ad79c42905b113054fa9168fe074a7adbcc65c11bb02cba7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F213B72A0AB0582EB699F21E94832973B4FB49B84F108034CE6E17775EF3CE5758344
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocValue$DeleteFreeLocalState_Thread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1066789969-0
                                                                                                                                                                                                                                                                    • Opcode ID: 184bcfdcaf00f2f60805a083e4a3c7233bfc85e00bd7b69ac5073c6e02f5c8ec
                                                                                                                                                                                                                                                                    • Instruction ID: 26ad5e8f1a849ba4153ea0f9b69c43ea0d71bf6cf2dea62c98973af977a5e672
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 184bcfdcaf00f2f60805a083e4a3c7233bfc85e00bd7b69ac5073c6e02f5c8ec
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7901DBB6D0BA0286FA7B9B35E85853822A5BF89790F14C235CC2E12670AF3CA4748210
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _errno$Value$malloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2897262332-0
                                                                                                                                                                                                                                                                    • Opcode ID: 66cf0a96e50a83292c77461faf4d1f5c74e11d4fc1bf15069ae591df5154adf2
                                                                                                                                                                                                                                                                    • Instruction ID: 4fce8d5c38cafb4953bc489c559beae15c496a9384e1b135ad307825f7f2faa0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66cf0a96e50a83292c77461faf4d1f5c74e11d4fc1bf15069ae591df5154adf2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DF0C2B5916706D6EB2A5F31E8742787360BF58B05B458135CE2D06370DE3CA8A5C620
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAAFFA9D0: PyErr_Occurred.PYTHON312(00000000,?,00000000,00007FFBAAFFAE71,?,?,?,?,?,?,?,?,?,00007FFBAAFF732A), ref: 00007FFBAAFFAA57
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAAFFA9D0: PyErr_Occurred.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAAFF732A), ref: 00007FFBAAFFAAE1
                                                                                                                                                                                                                                                                    • PyObject_Malloc.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAAFF732A), ref: 00007FFBAAFFAE91
                                                                                                                                                                                                                                                                    • PyErr_NoMemory.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAAFF732A), ref: 00007FFBAAFFAE9F
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Occurred$MallocMemoryObject_
                                                                                                                                                                                                                                                                    • String ID: libffi failed to build this function type
                                                                                                                                                                                                                                                                    • API String ID: 3589106435-1453035256
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • recursion overflow in ffi.include() delegations, xrefs: 00007FFBAB006689
                                                                                                                                                                                                                                                                    • function, global variable or non-integer constant '%.200s' must be fetched from its original 'lib' object, xrefs: 00007FFBAB00662E
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Format
                                                                                                                                                                                                                                                                    • String ID: function, global variable or non-integer constant '%.200s' must be fetched from its original 'lib' object$recursion overflow in ffi.include() delegations
                                                                                                                                                                                                                                                                    • API String ID: 376477240-3674543662
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB0053C0: PyErr_Format.PYTHON312(?,?,840FC08548F08B48,00007FFBAB0060F7), ref: 00007FFBAB00540A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB0053C0: _Py_Dealloc.PYTHON312(?,?,840FC08548F08B48,00007FFBAB0060F7), ref: 00007FFBAB005427
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312 ref: 00007FFBAB0088DE
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON312 ref: 00007FFBAB008946
                                                                                                                                                                                                                                                                    • PyDict_SetItem.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB008A25
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,00000000,?,?,00000000,00007FFBAB009186), ref: 00007FFBAB008A3B
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • global variable '%.200s' should be %zd bytes according to the cdef, but is actually %zd, xrefs: 00007FFBAB0088CF
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Err_Format$Dict_Item
                                                                                                                                                                                                                                                                    • String ID: global variable '%.200s' should be %zd bytes according to the cdef, but is actually %zd
                                                                                                                                                                                                                                                                    • API String ID: 3830123900-276371364
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Unicode_
                                                                                                                                                                                                                                                                    • String ID: Internal$InternalHigh$hEvent
                                                                                                                                                                                                                                                                    • API String ID: 2646675794-1769053571
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _errno$_strtoui64
                                                                                                                                                                                                                                                                    • String ID: float$number too large
                                                                                                                                                                                                                                                                    • API String ID: 3513630032-3713550434
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _errno$_strtoui64
                                                                                                                                                                                                                                                                    • String ID: long$number too large
                                                                                                                                                                                                                                                                    • API String ID: 3513630032-2213527609
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_DescriptorInitializeParseSecurityTuple
                                                                                                                                                                                                                                                                    • String ID: :Initialize$InitializeSecurityDescriptor
                                                                                                                                                                                                                                                                    • API String ID: 3008588735-475701968
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                                                    • String ID: The object is not a PyHANDLE object$|O:HANDLERegistry
                                                                                                                                                                                                                                                                    • API String ID: 709158290-3143913545
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CharDeallocFromObject_PrintUnicode_Widewsprintf
                                                                                                                                                                                                                                                                    • String ID: <%hs at %Id (%Id)>
                                                                                                                                                                                                                                                                    • API String ID: 2754229576-3200932714
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                                                    • String ID: The object is not a PyHANDLE object$|O:HANDLE
                                                                                                                                                                                                                                                                    • API String ID: 709158290-2911939918
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Time$Arg_DateFileParseSizeTuple_
                                                                                                                                                                                                                                                                    • String ID: DosDateTimeToFileTime$FileTimeToSystemTime
                                                                                                                                                                                                                                                                    • API String ID: 2214670548-3006328108
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Formatmemcpyrealloc
                                                                                                                                                                                                                                                                    • String ID: SetACL: Unable to reallocate ACL to size %d
                                                                                                                                                                                                                                                                    • API String ID: 2667793433-1849531889
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_String
                                                                                                                                                                                                                                                                    • String ID: Object must be a PyDEVMODEW$PyDEVMODE cannot be None in this context
                                                                                                                                                                                                                                                                    • API String ID: 1450464846-2899910425
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyLong_AsVoidPtr.PYTHON312 ref: 00007FFBAB03CD95
                                                                                                                                                                                                                                                                    • PyErr_Occurred.PYTHON312 ref: 00007FFBAB03CDA3
                                                                                                                                                                                                                                                                    • PyErr_Clear.PYTHON312 ref: 00007FFBAB03CDAE
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB65
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB73
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB81
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB90
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB9B
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBA4
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBB3
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBC7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBE6
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312 ref: 00007FFBAB03CDDC
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Long$Occurred$Long_$ClearFormat$DeallocNumber_UnsignedVoid
                                                                                                                                                                                                                                                                    • String ID: WPARAM is simple, so must be an int object (got %s)
                                                                                                                                                                                                                                                                    • API String ID: 4021378859-3057595559
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Authority$Arg_CountErr_ParseSizeStringTuple_
                                                                                                                                                                                                                                                                    • String ID: The index is out of range
                                                                                                                                                                                                                                                                    • API String ID: 2377407092-505141048
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseSizeTuple_strcmp
                                                                                                                                                                                                                                                                    • String ID: FILE$s:new_struct_type$struct _IO_FILE
                                                                                                                                                                                                                                                                    • API String ID: 3757293142-674226114
                                                                                                                                                                                                                                                                    • Opcode ID: d3c1eaf1a619d6f01479990b3fd3afb304858df8e18bc677350aa9ca56b7e87d
                                                                                                                                                                                                                                                                    • Instruction ID: bd1dec3ebbda048761beaff6a0a6333a6dc90aa6a9fae13415f3a41d95a6fa6e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3c1eaf1a619d6f01479990b3fd3afb304858df8e18bc677350aa9ca56b7e87d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6501D8A1A1D682C1DF169B32E8902B973A5FBC5780F8C4171DE8E83264CF3DD556CB14
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_Err_ParseSizeStringTuple_
                                                                                                                                                                                                                                                                    • String ID: O!O!n:rawaddressof$expected a cdata struct/union/array/pointer object$expected a pointer ctype
                                                                                                                                                                                                                                                                    • API String ID: 4247878537-375230600
                                                                                                                                                                                                                                                                    • Opcode ID: 62ac0ff20347afacaa3c02de309df9dfafdfffb469a59a94c014fcce2f19b2cb
                                                                                                                                                                                                                                                                    • Instruction ID: c5556942446e75893e2a1265b98950d4da6495ec048fe67c46c9782ce48c39a5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62ac0ff20347afacaa3c02de309df9dfafdfffb469a59a94c014fcce2f19b2cb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E91151A6A0DB86D1EE16CB34E45016933A0FB84B94F904232DEAD83674DF3CD11AC700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_ErrorFatalFormatFunc
                                                                                                                                                                                                                                                                    • String ID: float() not supported on cdata '%s'$read_raw_float_data$read_raw_float_data: bad float size
                                                                                                                                                                                                                                                                    • API String ID: 4046554067-1430910167
                                                                                                                                                                                                                                                                    • Opcode ID: 8180d44e58be22b8e35fcd9f27d03361bc7b5bc384cbab823499f85c3d5d2c7b
                                                                                                                                                                                                                                                                    • Instruction ID: 3d184a5e3bd21e519708d3deb914418c9f0f90b7a74e07e64aa78e291dd27d1b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8180d44e58be22b8e35fcd9f27d03361bc7b5bc384cbab823499f85c3d5d2c7b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B30192B1E09A06D2EE56CB39E89046C2360FB45749F908136CD5E67630DF3CE5AAC710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dict_Next$ErrorFatalFunc
                                                                                                                                                                                                                                                                    • String ID: _cffi_backend: get_field_name()$get_field_name
                                                                                                                                                                                                                                                                    • API String ID: 3667637998-2451131939
                                                                                                                                                                                                                                                                    • Opcode ID: 03f614cf1b26a486d67e83469655703be6fa39dc8ab145661b77ea4639d8ebc6
                                                                                                                                                                                                                                                                    • Instruction ID: 83ee4a15e21cff47574836b55f3a0082cb4f03502aad8defa848b05ae49a95d8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03f614cf1b26a486d67e83469655703be6fa39dc8ab145661b77ea4639d8ebc6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED019AA2618A86E2DE118F24E4502AAA330FB84788F404232EF9D43928DF7DD56AC710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Long$FromLong_$BuildSizeValue_
                                                                                                                                                                                                                                                                    • String ID: NiNNi(ii)
                                                                                                                                                                                                                                                                    • API String ID: 4007579727-1588869203
                                                                                                                                                                                                                                                                    • Opcode ID: 5d063a518c74a9428d61dbe571b0a0cfe69347eb100fb3d5cc1283e73626d560
                                                                                                                                                                                                                                                                    • Instruction ID: a7aa3d79069c1218523e0ae30a22bd14ea3e5e10b042f0938f276aae8fe56166
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d063a518c74a9428d61dbe571b0a0cfe69347eb100fb3d5cc1283e73626d560
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B018476A09A4187D765CF22F48442AB7A0F78CBA0B148125EFDE53B28DF3CE495CB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Buffer_$BufferContiguousErr_Object_ReleaseString
                                                                                                                                                                                                                                                                    • String ID: contiguous buffer expected
                                                                                                                                                                                                                                                                    • API String ID: 2934809616-3992619153
                                                                                                                                                                                                                                                                    • Opcode ID: 5db9bef5998fb5640b032573027d7d0fb53907e88e0b0f49e9b153ec71466374
                                                                                                                                                                                                                                                                    • Instruction ID: 269039aa13adad6c5b466a3be5adbb91bda58ac5ce1f3efa88eb0c3fc7045ff0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5db9bef5998fb5640b032573027d7d0fb53907e88e0b0f49e9b153ec71466374
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CEF08290B1650793EF265B36EC6053413549F44BA5B449231DC2DCB2B0DF2DE4F9C720
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: int_leas$int_leas$internal error, please report!$unsigned
                                                                                                                                                                                                                                                                    • API String ID: 1114863663-2343043947
                                                                                                                                                                                                                                                                    • Opcode ID: 015bd48bddb8824b560b29c5439a69d89cca2bddccfefe0a82061ac84b8aa873
                                                                                                                                                                                                                                                                    • Instruction ID: cfca975812fdf2f8c3d2e4ea2b9e91e5510a20f65497ec3859275dff25cc8a9a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 015bd48bddb8824b560b29c5439a69d89cca2bddccfefe0a82061ac84b8aa873
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 165190A2A0A646A9EF728E25C06427963A5FB14B94F54C635CF7C072E4DF38E5B18300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: int_fast$int_fast$internal error, please report!$unsigned
                                                                                                                                                                                                                                                                    • API String ID: 1114863663-1550732720
                                                                                                                                                                                                                                                                    • Opcode ID: 7fb808e3243b1eccd15f27a2cc5ff3ac5710b8099dd3771d7ba565ae8e2080e2
                                                                                                                                                                                                                                                                    • Instruction ID: 5c96510103d83df888f78552ddac498a6dd0874d7dfd43b5f167c8f4aa9506cc
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7fb808e3243b1eccd15f27a2cc5ff3ac5710b8099dd3771d7ba565ae8e2080e2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4341C2A191AA46A9EF728F34C06527D23A1FB44B94F54C235CF2D032E4DF38E9B18300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: int1$internal error, please report!$uint$unsigned
                                                                                                                                                                                                                                                                    • API String ID: 1114863663-2030261656
                                                                                                                                                                                                                                                                    • Opcode ID: dd7b6feac4bc839add38f1d96b9a4d95e4dcc33f6e81e414c148ef940e7b67b4
                                                                                                                                                                                                                                                                    • Instruction ID: 1b08f029cf666a9fd7eb22df854d9e6a2ee874d84e7c32c463e086599a1a0d44
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd7b6feac4bc839add38f1d96b9a4d95e4dcc33f6e81e414c148ef940e7b67b4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E4190B2A1A646A9EF728F35C06457963A5FB48B94F44C236CE2D432F4DF38E5A5C304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: char$internal error, please report!$uint$unsigned
                                                                                                                                                                                                                                                                    • API String ID: 1114863663-251110698
                                                                                                                                                                                                                                                                    • Opcode ID: fba7c78b7183605409f3c39be0df86d09a839a14d1e430c7521bcdd47ac00f27
                                                                                                                                                                                                                                                                    • Instruction ID: d0b2c72a8d4d198a40e615a97f8415adf0fb213d913dad82cbabf9ffb5dea91c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fba7c78b7183605409f3c39be0df86d09a839a14d1e430c7521bcdd47ac00f27
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E4192B2A0A646A9EF728F34C06467963A5FB44B94F54C236CE3D432F4DF38E965C204
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: internal error, please report!$st16$uint_lea$unsigned
                                                                                                                                                                                                                                                                    • API String ID: 1114863663-1267798215
                                                                                                                                                                                                                                                                    • Opcode ID: e22da5fddbaa9156f254b1af0532b78376facae4fd869ae50842582d7ff44cd2
                                                                                                                                                                                                                                                                    • Instruction ID: 380186a480db7f4fb1b53f5bdaa28b3f46990e2fad5cf48a9f4e111cad2e70b6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e22da5fddbaa9156f254b1af0532b78376facae4fd869ae50842582d7ff44cd2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E741A2B2A0AA4699EF728F35C06427963A5FB48B98F44C235CE7D472B4DF38E565C304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: internal error, please report!$st32$uint_lea$unsigned
                                                                                                                                                                                                                                                                    • API String ID: 1114863663-1748462505
                                                                                                                                                                                                                                                                    • Opcode ID: 82ea711a1a2771394661a39f183daea7182acf591b163173f6263457e3fe9c23
                                                                                                                                                                                                                                                                    • Instruction ID: b825fc5b7f70fb102eac3cf6a7f414b5f5bd67e30da69cca7f9ca906a73848ec
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82ea711a1a2771394661a39f183daea7182acf591b163173f6263457e3fe9c23
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A41C0B2A0AA4699EF728F35C06427963A1FB08B98F44C235CE3D432B4DF38E565C304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: memcpy$Object_$Track
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2188153816-0
                                                                                                                                                                                                                                                                    • Opcode ID: 8d39ba9a516e2aa9c55477cf39b639d8cea50ccd583237adc13a4fbad319f85d
                                                                                                                                                                                                                                                                    • Instruction ID: d4551e0dcdad5036539052969eea66460227e6cb234c54eefc03989b7464a3a6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d39ba9a516e2aa9c55477cf39b639d8cea50ccd583237adc13a4fbad319f85d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F21E672605B9089DB15CF25F9841A977A4FB08BE4B054235EE5D43B94DF3CD066C340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DescriptorSecurity$ControlLengthfreemallocmemcpy
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3383347431-0
                                                                                                                                                                                                                                                                    • Opcode ID: 2bbe38348c2f00229164cbdda6c70da1ec05e543728ec76a17c1fda9eb1c925f
                                                                                                                                                                                                                                                                    • Instruction ID: 4458d6c5a4332a824ea65a6b5ea07804ba5679b90a1549661c2e1d188ef660aa
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2bbe38348c2f00229164cbdda6c70da1ec05e543728ec76a17c1fda9eb1c925f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9111D673709A4142FB299B79F5442F95264EB48BD4F044035EF1D477A5EF2CC8A58704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _Py_NewReference.PYTHON312(?,?,?,00007FFBAB036FA7,?,?,?,00007FFBAB036DB3), ref: 00007FFBAB038A0D
                                                                                                                                                                                                                                                                    • GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FFBAB036FA7,?,?,?,00007FFBAB036DB3), ref: 00007FFBAB038A1E
                                                                                                                                                                                                                                                                    • GetSecurityDescriptorControl.ADVAPI32(?,?,?,00007FFBAB036FA7,?,?,?,00007FFBAB036DB3), ref: 00007FFBAB038A4F
                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBAB036FA7,?,?,?,00007FFBAB036DB3), ref: 00007FFBAB038A68
                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?,00007FFBAB036FA7,?,?,?,00007FFBAB036DB3), ref: 00007FFBAB038A7B
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DescriptorSecurity$ControlLengthReferencemallocmemcpy
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3412238872-0
                                                                                                                                                                                                                                                                    • Opcode ID: af7347515c41f927a2f41c8b097ef964e323764c9e35b540a02784828c4adbf5
                                                                                                                                                                                                                                                                    • Instruction ID: 056c840c573bb1f9a48a8d15ddf6b3b092e7f6dfc7ad088f8800d799c26f3ae0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: af7347515c41f927a2f41c8b097ef964e323764c9e35b540a02784828c4adbf5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37119066709B4182FA659B7AE5043A96364FB84BD4F088031CF5C03BA5EF7CD5E5C704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast_errnomalloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2411484184-0
                                                                                                                                                                                                                                                                    • Opcode ID: 3e4e61a80bbeba22cc3833b5469f257e1a1042adebcae4d349094eb11da3e262
                                                                                                                                                                                                                                                                    • Instruction ID: a002ebacf8153b09e6627a728edf2e392bb5716755c23870809442b3be22f249
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e4e61a80bbeba22cc3833b5469f257e1a1042adebcae4d349094eb11da3e262
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE012CB1D0A74192EA268F31E454128B7A0EF88B50B498235DE2D17324DF3CE4E5C710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast_errnomalloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2411484184-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Err_String
• String ID: array size would overflow a Py_ssize_t
• API String ID: 1450464846-3850734049
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: Arg_Err_ParseStringTuple
• String ID: iiiiiiiii|i$year out of range
• API String ID: 385655187-1001734015
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: Timefloor$SystemVariant
• String ID: VariantTimeToSystemTime
• API String ID: 1266533630-2676162551
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Err_$FormatString
• String ID: ctype '%s' is of unknown size$expected a 'cdata' or 'ctype' object
• API String ID: 4212644371-2764735189
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311289279.00007FFBAAFC1000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
• Associated: 00000002.00000002.3311268918.00007FFBAAFC0000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311310302.00007FFBAAFC5000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311330045.00007FFBAAFC6000.00000004.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311385032.00007FFBAAFC7000.00000002.00000001.01000000.00000029.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaafc0000_MkWMm5piE5.jbxd
Similarity
• API ID: _wassertmemcpy
• String ID: D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
• API String ID: 785382960-3286700114
APIs
• PyErr_Format.PYTHON312 ref: 00007FFBAAFF3A91
  • Part of subcall function 00007FFBAAFF11A0: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFBAAFF11EB
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Similarity
• API ID: Err_Format__stdio_common_vsprintf
• String ID: initializer for ctype 'char16_t' must be a unicode string of length 1, not %.200s$larger-than-0xFFFF character$unicode string of length %zd
• API String ID: 3682193652-3085492373
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Similarity
• API ID: Arg_ParseSizeTuple_
• String ID: OiOOi(ii):MSG param$The object is not a PyHANDLE object
• API String ID: 2270327996-2297966167
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Similarity
• API ID: _errno$_strtoui64
• String ID: number too large
• API String ID: 3513630032-2371285140
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Similarity
• API ID: _errno$_strtoui64
• String ID: number too large
• API String ID: 3513630032-2371285140
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Similarity
• API ID: _errno$_strtoui64
• String ID: number too large
• API String ID: 3513630032-2371285140
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_InitializeParseSizeTuple_
                                                                                                                                                                                                                                                                    • String ID: (bbbbbb)b:Initialize$InitializeSid
                                                                                                                                                                                                                                                                    • API String ID: 3719922413-750340051
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_FromLong_SizeSsize_tStringTuple_
                                                                                                                                                                                                                                                                    • String ID: offsetof() expects at least 2 arguments
                                                                                                                                                                                                                                                                    • API String ID: 1664805531-4287892465
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_DeleteParseTuple
                                                                                                                                                                                                                                                                    • String ID: DeleteAce$l:DeleteAce
                                                                                                                                                                                                                                                                    • API String ID: 1230908747-3702189175
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • DEVMODE structure of size %d greater than supported size of %d, xrefs: 00007FFBAB034D8C
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Format
                                                                                                                                                                                                                                                                    • String ID: DEVMODE structure of size %d greater than supported size of %d
                                                                                                                                                                                                                                                                    • API String ID: 376477240-1470040908
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: CloseHandle$The object is not a PyHANDLE object
                                                                                                                                                                                                                                                                    • API String ID: 0-4264222050
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_DescriptorOwnerParseSecurityTuple
                                                                                                                                                                                                                                                                    • String ID: :GetSecurityDescriptorOwner$GetSecurityDescriptorOwner
                                                                                                                                                                                                                                                                    • API String ID: 2338322640-1512101531
                                                                                                                                                                                                                                                                    • Opcode ID: 771e96b15b263e6d8951f84d50e1b1bf4d9c27dfebe04fc272ccadb699901be2
                                                                                                                                                                                                                                                                    • Instruction ID: ff57d15390b2cc75c1f5d7e374c28ab95a7936837bccae4ef2396a181d48e980
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 771e96b15b263e6d8951f84d50e1b1bf4d9c27dfebe04fc272ccadb699901be2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC0140E2E1AA4682EB6A9B76E8442B62360FF84744F449031DE2D47375EE2CE5A58704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Arg_FormatKeywords_OccurredParseSizeTuple
                                                                                                                                                                                                                                                                    • String ID: integer constant '%.200s' not found
                                                                                                                                                                                                                                                                    • API String ID: 2363003521-2598228679
                                                                                                                                                                                                                                                                    • Opcode ID: 26e01b26d378beb737f7b7d40d99498997274931de91e5c02ba517175cb15c09
                                                                                                                                                                                                                                                                    • Instruction ID: 4527773a2e28ee7bfe58955358aec25dcfb30e18db7097276de3670c1733b803
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26e01b26d378beb737f7b7d40d99498997274931de91e5c02ba517175cb15c09
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55016295B1A606A1EE268B72E4201756790AF48FD5B448032CD2D47774EE3CE179C710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_CreateGuidParseReferenceSizeTuple_
                                                                                                                                                                                                                                                                    • String ID: :CreateGuid
                                                                                                                                                                                                                                                                    • API String ID: 2232489080-3559396464
                                                                                                                                                                                                                                                                    • Opcode ID: 09cfe9be1413eff01afa2bb2f16402033869353b27c53ba5146419ec9c390cd0
                                                                                                                                                                                                                                                                    • Instruction ID: a1f3d1b591603f3e98ba20806338d2339e99cd2b1f4e48be7e6da43a11b34656
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09cfe9be1413eff01afa2bb2f16402033869353b27c53ba5146419ec9c390cd0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 800152F2E09B4181FA659B30F85516973A0FB88794F849535DE9E42335EF3CE1A48B00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FromString$CharErr_Unicode_Wide
                                                                                                                                                                                                                                                                    • String ID: The string is too long
                                                                                                                                                                                                                                                                    • API String ID: 1358704699-1150129668
                                                                                                                                                                                                                                                                    • Opcode ID: d16902b345cacd23d2082d23a250b7d8911b8a85442355fbbb1c59808b897c3b
                                                                                                                                                                                                                                                                    • Instruction ID: 959004fc604d2435314439e6d6f23fbf6f40f4a16c9029874c70fa3c68ce80c9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d16902b345cacd23d2082d23a250b7d8911b8a85442355fbbb1c59808b897c3b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB0152B6B19A4185FA759B20E4553B92360FBCC764FC08231DDBE422F5DE2CD1658B00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyEval_SaveThread.PYTHON312 ref: 00007FFBAB0352CA
                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00007FFBAB0352D7
                                                                                                                                                                                                                                                                    • PyEval_RestoreThread.PYTHON312 ref: 00007FFBAB0352E2
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C0AB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C11A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1EB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C200
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C218
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C22D
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C23C
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$BuildCloseDeallocDecodeErr_ErrorFormatFreeHandleLastLocalMessageObjectRestoreSaveSizeUnicode_Value_
                                                                                                                                                                                                                                                                    • String ID: CloseHandle
                                                                                                                                                                                                                                                                    • API String ID: 2420468086-2962429428
                                                                                                                                                                                                                                                                    • Opcode ID: a234cd2355cefa9f88078073659698f9681e44205f00e32605d73f6149afe859
                                                                                                                                                                                                                                                                    • Instruction ID: 63c00ffe9359e60f00a31b4072b66f7459970776a630e7347da1611d9ce80f10
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a234cd2355cefa9f88078073659698f9681e44205f00e32605d73f6149afe859
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2F06876E19B4182EB669735F44836962A0FF94740F195030DE5E83771DE3CD4E28700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_InitializeParseTuple
                                                                                                                                                                                                                                                                    • String ID: :Initialize$InitializeAcl
                                                                                                                                                                                                                                                                    • API String ID: 1991639834-2627007299
                                                                                                                                                                                                                                                                    • Opcode ID: 63bff58f03a89d83c8465e0b9a4330355ea6ebece3a6d91fa291ed6468edabb7
                                                                                                                                                                                                                                                                    • Instruction ID: 74879f6ad7066555909dc5261cc82ad2ad42bcda33bb18421feee22b085597d7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63bff58f03a89d83c8465e0b9a4330355ea6ebece3a6d91fa291ed6468edabb7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00F012A1B0A50681EB3A8B36EC5017523A0EF58F84F08D431CE2D46370FE2CD4B5A304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Size$Arg_BuildErr_ParseStringTuple_Value_
                                                                                                                                                                                                                                                                    • String ID: (On)$O!O|i:typeoffsetof
                                                                                                                                                                                                                                                                    • API String ID: 1294453720-945657874
                                                                                                                                                                                                                                                                    • Opcode ID: 0d6ca27514911bc71362998e3bcfe85334c5037b826f4e9d4102d66508d279d3
                                                                                                                                                                                                                                                                    • Instruction ID: 9e84d8e9078c6380227e053bc5aca3d3555474e418cffd97dc72ae40fa4546b2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d6ca27514911bc71362998e3bcfe85334c5037b826f4e9d4102d66508d279d3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D30121B561AB46D1DE16CB21E4504AA6760FB84790F805136ED9E43764EF3CE159CB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                                    • API String ID: 2542180945-1018135373
                                                                                                                                                                                                                                                                    • Opcode ID: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
                                                                                                                                                                                                                                                                    • Instruction ID: 124ad80cfb404904604bfc00f5c0b73e9f3e5fb315e40fe1e0a7810a6ab946f3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99F09073A05A4681EB3A5F35E18806D33A0FB48B44F68C031DB6807666DE3CE8B0C744
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                                    • API String ID: 2542180945-1018135373
                                                                                                                                                                                                                                                                    • Opcode ID: a3f181e4645522ee0c5c135495326946e4810cbaa9c199b01633478fd2f3168f
                                                                                                                                                                                                                                                                    • Instruction ID: 83ca0ddc77bb6993d9d62220d1cbaa3eb8f449f5506b81ebd031a7af595fe824
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3f181e4645522ee0c5c135495326946e4810cbaa9c199b01633478fd2f3168f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FF0F4B7606B84CAC7269F35EC940AC3364F748B88B5A9130FE9D47B65CF38D8A08304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: From$CharStringUnicode_Widewsprintf
                                                                                                                                                                                                                                                                    • String ID: IID('%ws')
                                                                                                                                                                                                                                                                    • API String ID: 3341265217-2301737843
                                                                                                                                                                                                                                                                    • Opcode ID: 50bfa6779426d2aff07c13c9fa1ccc7473edcd72459b3b2acf0a8f76b6dac1ef
                                                                                                                                                                                                                                                                    • Instruction ID: fca1ff59ec7343e5df41f2e1868c26c5eb71757d78124d81347bf2a7ce914669
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50bfa6779426d2aff07c13c9fa1ccc7473edcd72459b3b2acf0a8f76b6dac1ef
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40F031B6A19A8691EB769B20E4443E92370FB88764F808331DDBD036F5DE3CD159CB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • llll;RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FFBAB03D02E
                                                                                                                                                                                                                                                                    • RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FFBAB03CFFE
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_Err_ParseSizeStringTuple_
                                                                                                                                                                                                                                                                    • String ID: RECT must be a tuple of 4 ints (left, top, right, bottom)$llll;RECT must be a tuple of 4 ints (left, top, right, bottom)
                                                                                                                                                                                                                                                                    • API String ID: 4247878537-1420951713
                                                                                                                                                                                                                                                                    • Opcode ID: 1fed8bc5305fefe79f8efb547535d6236b786e61c4e6cfa1f5450ff16927bdb7
                                                                                                                                                                                                                                                                    • Instruction ID: 78d38623925998d65a37169cfe70e09873e125616712379452a9e5a3a74f2eea
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1fed8bc5305fefe79f8efb547535d6236b786e61c4e6cfa1f5450ff16927bdb7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBF0DAB5A05B4595EA26CF65E4441AA77A0FB84B94F84C232CE5D57330EF3CD169C700
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: Err_FreeMem_Memoryfreemalloc
• String ID:
• API String ID: 182096997-0
• Opcode ID: a824d51c04412f2cfe757f604ae0b7e488ddafe631157d4ea853e098f62a4294
• Instruction ID: a2313fa866a0acf7050b938222fcc928fa0213b56993954daf6336b3e10e5be1
• Opcode Fuzzy Hash: a824d51c04412f2cfe757f604ae0b7e488ddafe631157d4ea853e098f62a4294
• Instruction Fuzzy Hash: 9F41C2B3B05A5585DB229F65D4442BDB7A0FB84FA8F488232DEAC137A0EF39D465C304
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: strncmp
• String ID: internal error, please report!$uint_lea$unsigned
• API String ID: 1114863663-79748562
• Opcode ID: 12be028ac4d0ebba43962659361c905de0002d702c7b8674f9d8b4214d50bdb5
• Instruction ID: 8bb749bdfb2506be6e2786fed11718f10ec8cb210438bd22f6dfa278404df77f
• Opcode Fuzzy Hash: 12be028ac4d0ebba43962659361c905de0002d702c7b8674f9d8b4214d50bdb5
• Instruction Fuzzy Hash: 9141B4A2A0AA4699EF728F35C06427963A5FB08B94F44C235CE7D472F5DF38E565C304
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: strncmp
• String ID: internal error, please report!$uint_fas$unsigned
• API String ID: 1114863663-2104825828
• Opcode ID: 7c23cfffeb2cb3575571f9d130363b43b0524ce0c2bfcbdc3678033704d0ca53
• Instruction ID: 4e6288854e1338421ff0ffb0ea8e65644bbcda2e7596e11c1a3d1e32c806aceb
• Opcode Fuzzy Hash: 7c23cfffeb2cb3575571f9d130363b43b0524ce0c2bfcbdc3678033704d0ca53
• Instruction Fuzzy Hash: 6341D4A2A0AA4695EF328F35C06427963A5FB08B98F44C235CE3D432F5DF38E565C304
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: strncmp
• String ID: internal error, please report!$uint_fas$unsigned
• API String ID: 1114863663-2104825828
• Opcode ID: 5021b1767a3db0b3e0853406a162033d001b072072c0e711231c63801dbc87bd
• Instruction ID: 3bc3b8cc25b4ca6af2587f3d58013ba02311b7c51be3cb34519c6960c6db6324
• Opcode Fuzzy Hash: 5021b1767a3db0b3e0853406a162033d001b072072c0e711231c63801dbc87bd
• Instruction Fuzzy Hash: BE41B4A2A0AA4695EF728F35C06427963A5FB08B98F44C235CE7D472F5DF38E565C304
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: List_$DeallocFromSliceStringUnicode_
• String ID:
• API String ID: 2856216243-0
• Opcode ID: e06bac90233ac62527bc477d751d505735cdef50a5fb57b678a41691eb842140
• Instruction ID: 8c4aa5efe96ea9cfbca8d67c9c00f9fc8f26110fc1ef7084b843a8e94562e5fd
• Opcode Fuzzy Hash: e06bac90233ac62527bc477d751d505735cdef50a5fb57b678a41691eb842140
• Instruction Fuzzy Hash: F73181B260A78197DB268F7AE46016A7FA0FB85F94B188031CF5943B65DF3DE462C700
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: internal error, please report!$ptrd$unsigned
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: internal error, please report!$uint$unsigned
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: internal error, please report!$intm$unsigned
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: internal error, please report!$ssiz$unsigned
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: internal error, please report!$uint_fas$unsigned
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: int3$internal error, please report!$unsigned
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                                                    • String ID: int6$internal error, please report!$unsigned
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Item$ClearDeallocDict_Err_SubtypeTuple_Type_Unicode_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$DeallocFromSliceStringUnicode_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3310204753.00007FFBAAF51000.00000020.00000001.01000000.00000030.sdmp, Offset: 00007FFBAAF50000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311189331.00007FFBAAFB1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFBAAFB0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3310784681.00007FFBAAF91000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFBAAF90000, based on PE: true
• Associated: 00000002.00000002.3310730020.00007FFBAAF90000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3310867382.00007FFBAAF92000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3310947990.00007FFBAAF94000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaf90000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3310435332.00007FFBAAF71000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAAF70000, based on PE: true
• Associated: 00000002.00000002.3310414066.00007FFBAAF70000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.3310520924.00007FFBAAF73000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.3310541565.00007FFBAAF75000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaf70000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3311289279.00007FFBAAFC1000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
• Associated: 00000002.00000002.3311268918.00007FFBAAFC0000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311310302.00007FFBAAFC5000.00000002.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311330045.00007FFBAAFC6000.00000004.00000001.01000000.00000029.sdmp
• Associated: 00000002.00000002.3311385032.00007FFBAAFC7000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaafc0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Unicode_$Library$Arg_CharDeallocErr_ErrorFormatFreeLastLengthLoadObject_ParseSizeTuple_Wide_strdup
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2014377733-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CopyLengthReferencemalloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3624451276-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3353409452-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: Referencemallocmemcpymemset
• String ID:
• API String ID: 1282408338-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: InitializeReferencemallocmemset
• String ID:
• API String ID: 306314696-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: DescriptorSecurityfree$InitializeLengthReferencemalloc
• String ID:
• API String ID: 2992339461-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Err_$ClearExceptionFormatMatchesUnicode_
• String ID:
• API String ID: 3412208678-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: CopyLengthReferencemalloc
• String ID:
• API String ID: 3624451276-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value$DeleteFreeLocalState_Thread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3706641815-0
                                                                                                                                                                                                                                                                    • Opcode ID: b9f039f49c0c3725a936294eabfd3aea5f23939cf0c2b3ce667fcfdf6801e786
                                                                                                                                                                                                                                                                    • Instruction ID: 6e7b9215c26f1d6e2ba8facd3ad7b952310f4edecd947e28b9c4a69737df1c2d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9f039f49c0c3725a936294eabfd3aea5f23939cf0c2b3ce667fcfdf6801e786
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02F0ACB5A0A60682FA6B9B35E85873932A1AF89755F44C435CD6E163B0EF3C64A8C600
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$OccurredString
                                                                                                                                                                                                                                                                    • String ID: recursion overflow in ffi.include() delegations
                                                                                                                                                                                                                                                                    • API String ID: 114435612-2249810312
                                                                                                                                                                                                                                                                    • Opcode ID: 3a3d33779b5453a1c36135dc855c090ba561a91ec9eda46b2e2c402b0bc29ed1
                                                                                                                                                                                                                                                                    • Instruction ID: ce83dd603f47d1becffd0db8983af79a867c990b34575c04978d582877ecf8bd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a3d33779b5453a1c36135dc855c090ba561a91ec9eda46b2e2c402b0bc29ed1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C231A771B06B8295DE26CF21D4202696B50FB58B95F44C531DE6E437A6DF3CE8728301
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Formatmemset
                                                                                                                                                                                                                                                                    • String ID: %s%s
                                                                                                                                                                                                                                                                    • API String ID: 1100529188-3252725368
                                                                                                                                                                                                                                                                    • Opcode ID: 444330247d0cd6e5f25108d649b6bd2935f6cba95c9e48a342e5221a4ffa1299
                                                                                                                                                                                                                                                                    • Instruction ID: 818aa2cc66cb4ce1ce07f3a6bf60476dce58c32cd6416012bca7273d79c2c23d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 444330247d0cd6e5f25108d649b6bd2935f6cba95c9e48a342e5221a4ffa1299
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47317262605B8599DB25CF31D4502A837A1F709BA8F448331DE7E177E9DF39D165C300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAAFF11A0: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFBAAFF11EB
                                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312 ref: 00007FFBAAFF3B91
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Format__stdio_common_vsprintf
                                                                                                                                                                                                                                                                    • String ID: initializer for ctype 'char32_t' must be a unicode string of length 1, not %.200s$unicode string of length %zd
                                                                                                                                                                                                                                                                    • API String ID: 3682193652-4170590841
                                                                                                                                                                                                                                                                    • Opcode ID: 004660c2e9368edca776b85d238be401fd7d6f62c89901d30a010b90bce654f7
                                                                                                                                                                                                                                                                    • Instruction ID: 5e5efb04e5752aaa0fcfe51ce408608823ac1afef271c16f5f691b2732ea50a4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 004660c2e9368edca776b85d238be401fd7d6f62c89901d30a010b90bce654f7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 682164A1A0A642C1EE6ACB34D0612792364FF44744F8042B2DE6D872F4DF2EE45EC710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312 ref: 00007FFBAAFF7882
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAAFF5090: PyErr_Fetch.PYTHON312 ref: 00007FFBAAFF50B7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAAFF5090: PyObject_CallFunctionObjArgs.PYTHON312 ref: 00007FFBAAFF50C6
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAAFF5090: _Py_Dealloc.PYTHON312 ref: 00007FFBAAFF50E7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAAFF5090: _Py_Dealloc.PYTHON312 ref: 00007FFBAAFF51EA
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAAFF5090: PyErr_Restore.PYTHON312 ref: 00007FFBAAFF5202
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • only 'cdata' object from ffi.new(), ffi.gc(), ffi.from_buffer() or ffi.new_allocator()() can be used with the 'with' keyword or ffi.release(), xrefs: 00007FFBAAFF7878
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Dealloc$ArgsCallFetchFunctionObject_RestoreString
                                                                                                                                                                                                                                                                    • String ID: only 'cdata' object from ffi.new(), ffi.gc(), ffi.from_buffer() or ffi.new_allocator()() can be used with the 'with' keyword or ffi.release()
                                                                                                                                                                                                                                                                    • API String ID: 806360883-4224388032
                                                                                                                                                                                                                                                                    • Opcode ID: 5902e69f50e104ea317343f5471fad0bc5fa6d93c349338d2f6bb8269d905a8e
                                                                                                                                                                                                                                                                    • Instruction ID: 6905b72fd462ed7be34c1d689c8c633c88ee77f2a6bf1d6242e7d46b74eac68e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5902e69f50e104ea317343f5471fad0bc5fa6d93c349338d2f6bb8269d905a8e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F22162B1E0AA46D2EA56DB75E49013837A4FB84B84B905576CD1E83770CF3DE469C310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$OccurredString
                                                                                                                                                                                                                                                                    • String ID: callback with the return type 'void' must return None
                                                                                                                                                                                                                                                                    • API String ID: 114435612-1821524162
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB039840: PyImport_ImportModule.PYTHON312 ref: 00007FFBAB039861
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB039840: PyObject_GetAttrString.PYTHON312 ref: 00007FFBAB03987D
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB039840: _Py_Dealloc.PYTHON312 ref: 00007FFBAB03988F
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB039840: PyTuple_New.PYTHON312 ref: 00007FFBAB03989C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB039840: PyObject_CallMethod.PYTHON312 ref: 00007FFBAB0398BB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB039840: _Py_Dealloc.PYTHON312 ref: 00007FFBAB0398D1
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB039840: _Py_Dealloc.PYTHON312 ref: 00007FFBAB0398E7
                                                                                                                                                                                                                                                                    • PyObject_GetAttrString.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAB0399ED), ref: 00007FFBAB03A1B4
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAB0399ED), ref: 00007FFBAB03A213
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Object_$AttrString$CallImportImport_MethodModuleTuple_
                                                                                                                                                                                                                                                                    • String ID: max
                                                                                                                                                                                                                                                                    • API String ID: 66079785-2641765001
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • PyArg_ParseTuple.PYTHON312 ref: 00007FFBAB039982
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB036350: PyLong_AsLongLong.PYTHON312 ref: 00007FFBAB036375
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB036350: PyErr_Occurred.PYTHON312 ref: 00007FFBAB036384
                                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32 ref: 00007FFBAB0399B9
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C0AB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C11A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C1EB
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C200
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C218
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C22D
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAB03786D,?,?,00000000,00007FFBAB037BE2,?,?,?,00007FFBAB031911), ref: 00007FFBAB03C23C
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_LongTime$Arg_BuildDeallocDecodeErrorFileFormatFreeLastLocalLong_MessageObjectOccurredParseSizeSystemTupleUnicode_Value_
                                                                                                                                                                                                                                                                    • String ID: FileTimeToSystemTime
                                                                                                                                                                                                                                                                    • API String ID: 2951598573-1754531670
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                                    • String ID: AddAccessDeniedObjectAce$lllOOO:AddAccessDeniedObjectAce
                                                                                                                                                                                                                                                                    • API String ID: 3371842430-3179976129
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                                    • String ID: AddAccessAllowedObjectAce$lllOOO:AddAccessAllowedObjectAce
                                                                                                                                                                                                                                                                    • API String ID: 3371842430-684429688
                                                                                                                                                                                                                                                                    • Opcode ID: 6cb21bfeaffb9b239cd272a1894bc0af3c1a26a0febc66c129de5451c9c9c3f6
                                                                                                                                                                                                                                                                    • Instruction ID: f9de3f9646edd318b3a91a0b12b0941a415098bf56c606b0ed08d34914c41d5a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cb21bfeaffb9b239cd272a1894bc0af3c1a26a0febc66c129de5451c9c9c3f6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB119EB2B09B4586DB61CF61E4845AD73A0F7887D0F504136DEAC83B24EF39D9A8CB00
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: Err_$OccurredString
• String ID: 'del x[n]' not supported for cdata objects
• API String ID: 114435612-201749645
• Opcode ID: e4bcc79267464eff6ddebd1b3fdfbc7f19794588260ec407cbeab64b01d06102
• Instruction ID: 67c53dbe6d3f89784ee0e294e9e3f085b0e9bea2632ef459c392697161a85161
• Opcode Fuzzy Hash: e4bcc79267464eff6ddebd1b3fdfbc7f19794588260ec407cbeab64b01d06102
• Instruction Fuzzy Hash: CB010862B1AA81C1EE568F36E54003CA364FB48FC4F185135EF2E477A4EF2DE4A68310
APIs
• PyErr_Format.PYTHON312(?,?,840FC08548F08B48,00007FFBAB0060F7), ref: 00007FFBAB00540A
• _Py_Dealloc.PYTHON312(?,?,840FC08548F08B48,00007FFBAB0060F7), ref: 00007FFBAB005427
Strings
• the type '%s%s' is a function type, not a pointer-to-function type, xrefs: 00007FFBAB0053E4
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: DeallocErr_Format
• String ID: the type '%s%s' is a function type, not a pointer-to-function type
• API String ID: 186121651-1909832095
• Opcode ID: cb90690557bf80023dbbb6dc27e07030e295588a31ae53064b60ed666bcd86be
• Instruction ID: 9487451191272af11de15e187f7e8b0aa7adc642bcc54542d1ea9a1232b3d93c
• Opcode Fuzzy Hash: cb90690557bf80023dbbb6dc27e07030e295588a31ae53064b60ed666bcd86be
• Instruction Fuzzy Hash: 56017571E0A68291EF668F35F5952A823B1FF44B59F888031DE2D46664DF3CD1B9C310
APIs
• _PyObject_GC_NewVar.PYTHON312 ref: 00007FFBAAFF9A52
• PyObject_GC_Track.PYTHON312 ref: 00007FFBAAFF9A75
  • Part of subcall function 00007FFBAAFF9270: PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FFBAAFF99AC), ref: 00007FFBAAFF9296
  • Part of subcall function 00007FFBAAFF9270: memcpy.VCRUNTIME140(?,?,?,00007FFBAAFF99AC), ref: 00007FFBAAFF92B2
  • Part of subcall function 00007FFBAAFF9270: PyDict_GetItem.PYTHON312(?,?,?,00007FFBAAFF99AC), ref: 00007FFBAAFF92C1
  • Part of subcall function 00007FFBAAFF9270: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAAFF99AC), ref: 00007FFBAAFF92DD
  • Part of subcall function 00007FFBAAFF9270: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAAFF99AC), ref: 00007FFBAAFF92FA
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
• Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
Similarity
• API ID: DeallocObject_$Bytes_Dict_FromItemSizeStringTrackmemcpy
• String ID: void
• API String ID: 2546078241-3531332078
• Opcode ID: 1d32090c7b380050f8fbf1b141d3be960214b509303cc116b250433ad97be526
• Instruction ID: a5c05c639756207792a8917278c2c1c5e4dd764cfae04b25b67ce3766aa07557
• Opcode Fuzzy Hash: 1d32090c7b380050f8fbf1b141d3be960214b509303cc116b250433ad97be526
• Instruction Fuzzy Hash: E4014CB2A16B4196EB658F35E89012837A4FB48724F544239CE7D463D4EF3DD0A5CB20
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
Similarity
• API ID: Arg_ParseTuple
• String ID: AddAccessDeniedAceEx$lllO:AddAccessDeniedAceEx
• API String ID: 3371842430-4150984663
• Opcode ID: ad09e65bb1cea0ac4f5e9af40242ab57fcedfcdf14550f24ac85561f6cdc466a
• Instruction ID: 0fb31f56b881cd3f77aa5a3addfcf33d408e792108c02a4256739fe71f746ae5
• Opcode Fuzzy Hash: ad09e65bb1cea0ac4f5e9af40242ab57fcedfcdf14550f24ac85561f6cdc466a
• Instruction Fuzzy Hash: B2011AB6A09741C6DA21CB65F44049A77A0FB98794F544222EFAC83B28EF3CD164CF00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                                    • String ID: AddMandatoryAce$kkkO:AddMandatoryAce
                                                                                                                                                                                                                                                                    • API String ID: 3371842430-3675006617
                                                                                                                                                                                                                                                                    • Opcode ID: 076364db2900c2bb665b33999295fa93c37af88c4ee1d99e6863dbe7ae2cd730
                                                                                                                                                                                                                                                                    • Instruction ID: eca13794726cc7fe7620a6d8964ba5cdabcb6d50016af9cd631ff33bf0e0da9c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 076364db2900c2bb665b33999295fa93c37af88c4ee1d99e6863dbe7ae2cd730
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9011EB6A19741C6DB21CB69F44049A77A0F798794F544222EFAC43B28EF3CD1A4CF00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                                                    • String ID: :OVERLAPPED
                                                                                                                                                                                                                                                                    • API String ID: 709158290-1552635527
                                                                                                                                                                                                                                                                    • Opcode ID: e0bdebcfea0511a29331e8c1aae85b93b7c30f15489b0f9b8cc0108d539767b8
                                                                                                                                                                                                                                                                    • Instruction ID: 86e8640ca911059b3aabe95e956bfc40b7ac62698c4a9ab9b004354a7094b4c6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0bdebcfea0511a29331e8c1aae85b93b7c30f15489b0f9b8cc0108d539767b8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA015E72919B8182D7248F21E99016973E4FB98B44F55A235DA9C53724EF3CE5A0C700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                                    • String ID: AddAccessAllowedAceEx$lllO:AddAccessAllowedAceEx
                                                                                                                                                                                                                                                                    • API String ID: 3371842430-1263352432
                                                                                                                                                                                                                                                                    • Opcode ID: 373ec3d6942346a08b4875f32b347a83816f03fbf51c164e75df230f572021d0
                                                                                                                                                                                                                                                                    • Instruction ID: b0e7ff9c37dccbad8eb4a35e721e6f0a27bdac79dad07b7bb87141e22f393d78
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 373ec3d6942346a08b4875f32b347a83816f03fbf51c164e75df230f572021d0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C011EB6A19741C6DB21CB69F44049A77A0F798794F544222EFAC43B28EF3CD194CF00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03AAE0: PyErr_SetString.PYTHON312 ref: 00007FFBAB03AB1F
                                                                                                                                                                                                                                                                    • PyErr_Clear.PYTHON312 ref: 00007FFBAB03CC5C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB65
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB73
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB81
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB90
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB9B
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBA4
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBB3
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBC7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBE6
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312 ref: 00007FFBAB03CC92
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • Resource id/name must be string or int in the range 0-65536, xrefs: 00007FFBAB03CC81
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
• Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Long$Occurred$ClearLong_String$DeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                                                    • String ID: Resource id/name must be string or int in the range 0-65536
                                                                                                                                                                                                                                                                    • API String ID: 286819204-907244015
                                                                                                                                                                                                                                                                    • Opcode ID: 8b5b059616f32ab4af3ef54f4cc1be5fdf2f8475748c73add3075f97ecde13f8
                                                                                                                                                                                                                                                                    • Instruction ID: 460f72d87d3a254c4a2db99d5eb820b13861b1e4ec6996a3dae4927ad3e3c7c8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b5b059616f32ab4af3ef54f4cc1be5fdf2f8475748c73add3075f97ecde13f8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3F068B2B19A4281FB769B31F54837912A0EF88BC4F45D031DE6EC7665EE2CD4A04704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03AED0: PyUnicode_AsWideCharString.PYTHON312 ref: 00007FFBAB03AF0A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03AED0: PyErr_SetString.PYTHON312 ref: 00007FFBAB03AF29
                                                                                                                                                                                                                                                                    • PyErr_Clear.PYTHON312 ref: 00007FFBAB03CCFC
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB65
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB73
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB81
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB90
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CB9B
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBA4
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBB3
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBC7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFBAB03CB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAB034F6E), ref: 00007FFBAB03CBE6
                                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON312 ref: 00007FFBAB03CD32
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • Resource id/name must be unicode or int in the range 0-65536, xrefs: 00007FFBAB03CD21
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Long$OccurredString$ClearLong_$CharDeallocFormatNumber_Unicode_UnsignedWide
                                                                                                                                                                                                                                                                    • String ID: Resource id/name must be unicode or int in the range 0-65536
                                                                                                                                                                                                                                                                    • API String ID: 293670993-4091729669
                                                                                                                                                                                                                                                                    • Opcode ID: 60c3811dd216bffba4a48a67c9a17aa3425e8de53ba8c318c0d045a22ed7e1d4
                                                                                                                                                                                                                                                                    • Instruction ID: fbb70494d7a4dd8fc9fc4e4ced9b4e226b6727496caca28648dcc093dc7ffd8e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60c3811dd216bffba4a48a67c9a17aa3425e8de53ba8c318c0d045a22ed7e1d4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3F068B2B1964281FBB69B36F5453792290EF88BC4F45D031EE6D87665FE3CD4A08304
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311653260.00007FFBAAFF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311767015.00007FFBAB00D000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311790647.00007FFBAB01A000.00000004.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311814548.00007FFBAB020000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: write_raw_complex_data$write_raw_complex_data: bad complex size
                                                                                                                                                                                                                                                                    • API String ID: 0-1904489683
                                                                                                                                                                                                                                                                    • Opcode ID: 3a00ac0c8c790b6b68167293fd66d6d605610ff257f1d9065e688a927b8c7ea2
                                                                                                                                                                                                                                                                    • Instruction ID: 90f02ae1b107b495d4eee7700c587a34b6b22ce85fd72dc2b17c335b3778f26f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a00ac0c8c790b6b68167293fd66d6d605610ff257f1d9065e688a927b8c7ea2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C014C72D15F89DAC622CF78E450019F3A0FB9AB94B108722EA4C16620DBACD1A6CB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocSequence_Tuple
                                                                                                                                                                                                                                                                    • String ID: Sequence can contain at most %d items
                                                                                                                                                                                                                                                                    • API String ID: 1991852567-3507602910
                                                                                                                                                                                                                                                                    • Opcode ID: 25fa632f6a6d5f12d6e8a9f938950a621ca743a84be2cca98152b4da34864958
                                                                                                                                                                                                                                                                    • Instruction ID: c955f6e4d0d5e2fb5d707ba887c4cec8c27ee9ca22bcc8a425db05c9401ae094
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25fa632f6a6d5f12d6e8a9f938950a621ca743a84be2cca98152b4da34864958
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8F062B3E1BA4286EA6A8F22E54403463A1FBC8B90F049135DD2E037B4DE3CD4B0C704
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Capsule_ImportReadyType_
                                                                                                                                                                                                                                                                    • String ID: datetime.datetime_CAPI
                                                                                                                                                                                                                                                                    • API String ID: 2581296196-711417590
                                                                                                                                                                                                                                                                    • Opcode ID: cb23a3028eaa3d179535be05a169c1506c4a61177cb4d63680d54856fd82966b
                                                                                                                                                                                                                                                                    • Instruction ID: 56bb90db51300c569b9e28dbd0a9b0a20069d18f09dd6289a214260e9c6cd9e8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb23a3028eaa3d179535be05a169c1506c4a61177cb4d63680d54856fd82966b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C101BBB5A0AB4281EA66CB25E89046833A1FB88B50F55D235DD6D83770EF3CD4A5C701
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Long$Arg_FromLong_ParseTuple
                                                                                                                                                                                                                                                                    • String ID: :Detach
                                                                                                                                                                                                                                                                    • API String ID: 1152936543-4103459575
                                                                                                                                                                                                                                                                    • Opcode ID: e443cbe33a69a4e9ccd6b9eb4e5bf13f7ca75ca43a2515781c54e467d984db27
                                                                                                                                                                                                                                                                    • Instruction ID: b24147c597ecda87b49aa0a5cb56bf002b3fccf9fa4bc681bf5e4f2f6ec1ea50
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e443cbe33a69a4e9ccd6b9eb4e5bf13f7ca75ca43a2515781c54e467d984db27
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26F0377171564582EFAA4B75FA8436922A0FF44BC0F889134DE6DC7768EF7CD5A48304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                                                    • String ID: :WAVEFORMATEX
                                                                                                                                                                                                                                                                    • API String ID: 709158290-1364142124
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: write_raw_integer_data$write_raw_integer_data: bad integer size
                                                                                                                                                                                                                                                                    • API String ID: 0-2904179195
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: read_raw_float_data$read_raw_float_data: bad float size
                                                                                                                                                                                                                                                                    • API String ID: 0-3717373606
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AttrObject_StringSubtypeType_
                                                                                                                                                                                                                                                                    • String ID: timetuple
                                                                                                                                                                                                                                                                    • API String ID: 1421930220-3328721318
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                                    • String ID: @$|ii:ACL
                                                                                                                                                                                                                                                                    • API String ID: 3371842430-2672190651
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbaaff0000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_ItemStringTuple_
                                                                                                                                                                                                                                                                    • String ID: abi
                                                                                                                                                                                                                                                                    • API String ID: 2162364271-3589384412
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseSizeTuple_Valid
                                                                                                                                                                                                                                                                    • String ID: :IsValid
                                                                                                                                                                                                                                                                    • API String ID: 1733704823-2800628479
                                                                                                                                                                                                                                                                    • Opcode ID: d6672662ff62677f4ee0c9ae0f75957b8217232bd1142c6c8af475a3793489e6
                                                                                                                                                                                                                                                                    • Instruction ID: 7d0b1e7a6a5f39f05134a205de34081b455d9a6b6e8e55bb96a2466298566275
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6672662ff62677f4ee0c9ae0f75957b8217232bd1142c6c8af475a3793489e6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3E0ECA1F5AA0686EB6E4BB2EC5407512A1EF58B94F049430CE3E86370FE2CD5F58744
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                                    • String ID: :IsValid
                                                                                                                                                                                                                                                                    • API String ID: 1292091245-2800628479
                                                                                                                                                                                                                                                                    • Opcode ID: 88f9e98b93e5a915f0c9d2f85e788e22b484281a7c608c4bbfbdfe024740cc3c
                                                                                                                                                                                                                                                                    • Instruction ID: 3937fe971692784ffbdde9b69f3836ef1d322f098461c93e4a3f265f8b0a7900
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88f9e98b93e5a915f0c9d2f85e788e22b484281a7c608c4bbfbdfe024740cc3c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8E0E6A1B5650681EB7E5772EC5407512A0EF58B90F449430CD2D86370FD2CE5E58300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_LengthParseSizeTuple_
                                                                                                                                                                                                                                                                    • String ID: :GetLength
                                                                                                                                                                                                                                                                    • API String ID: 986722786-295138441
                                                                                                                                                                                                                                                                    • Opcode ID: 9f40dc58e3b00cbbe786f80ce784a4c9e75ad5122b7287aeffa16e6cf2c79c5c
                                                                                                                                                                                                                                                                    • Instruction ID: 3980da3d7f40110e0d813e3af80d255bd085b37000ed00ffd4ec7e77d966c3a1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f40dc58e3b00cbbe786f80ce784a4c9e75ad5122b7287aeffa16e6cf2c79c5c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DE0ECE1F2A90682EB7E4B72EC5407512A0EF48B90F449430CD2E86370FE6CD5E58600
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_ParseTupleValid
                                                                                                                                                                                                                                                                    • String ID: :IsValid
                                                                                                                                                                                                                                                                    • API String ID: 2541654197-2800628479
                                                                                                                                                                                                                                                                    • Opcode ID: a2c7ad6af1abea5f253b7a3b05eb2fc78f02dceca7f840b8d1cfe89c45c020dd
                                                                                                                                                                                                                                                                    • Instruction ID: 6ab543218f3c659df9955a3c28eda2ca9e7b484a7bfdaadaeb8a333c3290a602
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2c7ad6af1abea5f253b7a3b05eb2fc78f02dceca7f840b8d1cfe89c45c020dd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DE012A1F5A90682EB6E8BB2EC5417522E0EF98F95F049430CD2D86370FE2CE5F58300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_DescriptorLengthParseSecurityTuple
                                                                                                                                                                                                                                                                    • String ID: :GetLength
                                                                                                                                                                                                                                                                    • API String ID: 840013968-295138441
                                                                                                                                                                                                                                                                    • Opcode ID: 99bbef9938abcbd77cc71ab482e6a24a020aa0d5f9e310f661fdaecfbdcf0375
                                                                                                                                                                                                                                                                    • Instruction ID: 1b1caeb05ab4734826ff7dbdef1ac5554e2eac14851e644bb993c20e9457f8f9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99bbef9938abcbd77cc71ab482e6a24a020aa0d5f9e310f661fdaecfbdcf0375
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CE0E6A1B2664681EB7E4772EC5407512A0EF48B90F049430CD2D86370FD2CE5F5C304
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311836099.00007FFBAB030000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311914994.00007FFBAB040000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311969437.00007FFBAB04E000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3311990624.00007FFBAB051000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffbab030000_MkWMm5piE5.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Arg_AuthorityCountParseSizeTuple_
                                                                                                                                                                                                                                                                    • String ID: :GetSubAuthorityCount
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: write_raw_float_data$write_raw_float_data: bad float size
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_ItemStringTuple_
                                                                                                                                                                                                                                                                    • String ID: elements
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_ItemStringTuple_
                                                                                                                                                                                                                                                                    • String ID: relements
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311891632.00007FFBAB031000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAB030000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_String
                                                                                                                                                                                                                                                                    • String ID: POINT must be a tuple of 2 ints (x,y)$ll;POINT must be a tuple of 2 ints (x,y)
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3311705363.00007FFBAAFF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBAAFF0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: MessageSleep
                                                                                                                                                                                                                                                                    • String ID: Python-CFFI error